The information has been provided by Williams, James K.
The original article can be found at: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798
* CA ARCserve Backup version r11.5 (formerly BrightStor ARCserve Backup version r11.5)
* CA ARCserve Backup version r11.1 (formerly BrightStor ARCserve Backup version r11.1)
* CA ARCserve Backup r11.0 (formerly BrightStor ARCserve Backup version r11.0)
* CA Server Protection Suite version r2
* CA Business Protection Suite version r2
* CA Business Protection Suite for Microsoft Small Business Server Standard Edition version r2
* CA Business Protection Suite for Microsoft Small Business Server Premium Edition version r2
* CA ARCserve Backup version r12
* CA ARCserve Backup version r11.5 SP4
A remote attacker can cause a denial of service or execute arbitrary code.
Status and Recommendation:
CA has issued the following patches and upgrades to address the vulnerabilities.
CA ARCserve Backup r11.5 Windows: QO92996
CA ARCserve Backup r11.1 Windows: QO92849
CA ARCserve Backup r11.0 Windows: Upgrade to 11.1 and apply the latest patches.
CA Protection Suites r2: QO92996
The issues can also be addressed by applying CA ARCserve Backup 11.5 SP4 for Windows: QO99129
For CA ARCserve Backup r11.5 and r11.1 on UNIX and Linux based platforms, upgrade to 11.5 SP3.
Note: The upgrade for 11.1 requires new license keys, which are available for free until December 31, 2008. Visit the following
link for more information. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=172649
CA ARCserve Backup r11.5 Linux/x86/IA-64/x86_64: QO89980
CA ARCserve Backup r11.5 Tru64: QO89985
CA ARCserve Backup r11.5 HP-UX: QO89984
CA ARCserve Backup r11.5 Solaris: QO89982
CA ARCserve Backup r11.5 AIX: QO89981
CA ARCserve Backup r11.5 Linux/s390: QO89983
CA ARCserve Backup r11.1 Linux/x86/IA-64/x86_64: QO89980
CA ARCserve Backup r11.1 Tru64: QO89985
CA ARCserve Backup r11.1 HP-UX: QO89984
CA ARCserve Backup r11.1 Solaris: QO89982
CA ARCserve Backup r11.1 AIX: QO89981
CA ARCserve Backup r11.1 Linux/s390: QO89983
How to determine if you are affected:
1. Using Windows Explorer, locate the file "caloggerd.exe". By default, the file is located in the "C:\Program Files\CA\BrightStor ARCserve Backup" directory.
2. Right click on the file and select Properties.
3. Select the General tab.
4. If the file timestamp is earlier than indicated in the below table, the installation is vulnerable.
Product Version File Name Timestamp File Size
11.5 caloggerd.exe 05/18/2007 10:55:48 299008 bytes
11.1 caloggerd.exe 05/18/2007 11:30:52 286720 bytes
* For Protection Suites r2 , use the file timestamp for CA ARCserve Backup r11.5.
For Linux/x86/IA-64/x86_64, Tru64, HP-UX, Solaris, Linux/s390:
Examine the file RELVERSION to determine the version. This can be done with the following command from a shell:
If the build number is below 2427, the installation is vulnerable.
CVE-2008-2241 and CVE Information: