Vigil@nce - CA ARCserve Backup, Workload Automation: two vulnerabilities of CA License
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use two vulnerabilities of CA License, in
order to elevate his privileges or to create a file, via CA
ARCserve Backup or CA Workload Automation.
Impacted products: ARCserve Backup, CA Workload Automation
Severity: 2/4
Creation date: 02/10/2012
DESCRIPTION OF THE VULNERABILITY
The CA ARCserve Backup and CA Workload Automation products contain
the CA License component. However, this component is impacted by
two vulnerabilities.
A local attacker can execute commands with system privileges.
[severity:2/4; CVE-2012-0691]
A local attacker can create or alter files with elevated
privileges. [severity:2/4; CVE-2012-0692]
A local attacker can therefore use two vulnerabilities of CA
License, in order to elevate his privileges or to create a file,
via CA ARCserve Backup or CA Workload Automation.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN