* ____________________________________________________________________________ * * ID: 32 * PRODUCT: AXWBAS * RELEASE: 11.1 * DESC: NT -DISCOVERY SERVICE SECURITY VULNERABILITY * SYSTEMS AFFECTED: NT * SOLUTION TEXT: PRODUCT: BAB Windows Common RELEASE: 11.1 APAR #: QO64538 DATE: 17 FEB 2005 PROBLEM DESCRIPTION: NT -DISCOVERY SERVICE SECURITY VULNERABILITY ---------------------------------------------------- ***NOTE*** This PTF supersedes QO64496 which has been withdrawn ***NOTE*** This PTF supersedes QO62769 which has been withdrawn This update addresses potential security vulnerabilities caused by a buffer overflow condition in the ARCserve Discovery Service. This patch should be applied to all Windows systems where the ARCserve r11.1 base product and any type of ARCserve agent (file system, database, application, open file) is installed. This update is a cumulative patch and supersedes QO62769, which addressed a different vulnerability in the discovery service,originally reported by iDEFENSE. This patch also supercedes QO64496, which did not fully resolve this new problem on English OS installs. PREREQS: SP1 MPREREQS: None COREQS: None MCOREQS: None SUPERSEDED: QO64496 QO62769 HYPER: YES DISTRIBUTION CODE: A (A=Available, I=Internal) PROBLEM RESOLUTION: Follow the instructions below: The following PREREQS must be applied before applying this fix: SP1 This fix Supersedes the following : QO64496 QO62769 This fix requires BrightStor ARCserve Backup Release 11.1 to be installed. 1. Shutdown all BrightStor ARCserve Backup services. 2. Unzip the fix file as follows: CAZIPXP -U QO64538.CAZ 3. Run BAB111WSecurity.exe PRODUCT(S) AFFECTED: BrightStor ARCserve Backup for Windows Release 11.1 DOWNLOAD INFORMATION: --------------------- NODE: ftp.ca.com PATH: /CAproducts/unicenter/AXWBAS/nt/GA/QO64538 FILES: QO64538.DFC QO64538.CAZ UPDATED ROUTINES: --------------- BAB111WSecurity.exe 32906400 THU FEB 17 12:11:00 2005 * ____________________________________________________________________________ * * NT VERSION: 0 EFFECTIVE: 02/17/2005 ACTION: A *** NO ZAPS FOR THIS VERSION ***