From rkeith at securityfocus.com Tue Jan 3 14:50:08 2012 From: rkeith at securityfocus.com (rkeith) Date: Tue, 03 Jan 2012 13:50:08 -0700 Subject: [VIM] Computer Associates ARCserve D2D and ARCserve Backup Arbitrary Code Execution Vulnerability, BID 51189 In-Reply-To: References: Message-ID: <4F036A00.6030905@securityfocus.com> Thanks George, Definitely an oversight on our part, the BIDs have been corrected/retired as required. Thanks, Rob On 12/29/2011 06:41 PM, George A. Theall wrote: > BID 51189 was created yesterday for an issue in CA ARCserve D2D / ARCserve Backup. It looks to me to be a dup of BID 48897. > > Yesterday's BID references an advisory from Hitachi (http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-025/index.html) which in turn references a Japanese language advisory from Computer Associates (http://www.casupport.jp/resources/info/CA20110809-01.htm). Like the earlier BID, that mentions CVE-2011-3011, which immediately should raise suspicions. And, if you use something like Yahoo's Babelfish to translate the page, you'll end up with text that's pretty close to http://seclists.org/fulldisclosure/2011/Aug/82, CA's original advisory from August referenced in 48897. > > Rob? > > > George