SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   CA ARCserve Backup Vendors:   CA
CA ARCserve Backup Bugs Let Remote Users Crash the Target Services or Execute Arbitrary Code
SecurityTracker Alert ID:  1021032
SecurityTracker URL:  http://securitytracker.com/id/1021032
CVE Reference:   CVE-2008-4397, CVE-2008-4398, CVE-2008-4399, CVE-2008-4400   (Links to External Site)
Date:  Oct 10 2008
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 11.1, 11.5, 12.0
Description:   Several vulnerabilities were reported in CA ARCserve Backup. A remote user can cause denial of service conditions. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to cause the target service to crash or execute arbitrary code. The code will run with the privileges of the target service.

A remote user can trigger a directory traversal flaw in processing certain RPC calls to execute arbitrary commands [CVE-2008-4397].

A remote user can cause the tape engine service to crash [CVE-2008-4398].

A remote user can cause the database engine service to crash [CVE-2008-4399].

A remote user can trigger a flaw in the processing of authentication credentials to cause multiple services to crash [CVE-2008-4400].

CA Server Protection Suite r2, CA Business Protection Suite r2, CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2, and CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2 are also affected.

Haifei Li of Fortinet's FortiGuard Global Security Research Team, the Vulnerability Research Team of Assurent Secure Technologies, a TELUS Company, and Greg Linares of eEye Digital Security reported these vulnerabilities.
Impact:   A remote user can execute arbitrary code on the target system.

A remote user can cause the target service to crash.
Solution:   The vendor has issued a fix.

CA ARCserve Backup r12.0 Windows:
Apply Service Pack 1 (RO01340)

CA ARCserve Backup r11.5 Windows:
RO02398

CA ARCserve Backup r11.1 Windows:
RO02396

CA Protection Suites r2:
RO02398

The vendor's advisory is available at:

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143
Vendor URL:  support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143 (Links to External Site)
Cause:   Input validation error
Underlying OS:   Windows (Any)

Message History:   None.

 Source Message Contents
Date:  Thu, 9 Oct 2008 17:55:32 -0400
Subject:  CA ARCserve Backup Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Title: CA ARCserve Backup Multiple Vulnerabilities


CA Advisory Date: 2008-10-09


Reported By:
Haifei Li of Fortinet's FortiGuard Global Security Research Team
Vulnerability Research Team of Assurent Secure Technologies, a 
   TELUS Company
Greg Linares of eEye Digital Security


Impact: A remote attacker can cause a denial of service or 
possibly execute arbitrary code.


Summary: CA ARCserve Backup contains multiple vulnerabilities that 
can allow a remote attacker to cause a denial of service or 
possibly execute arbitrary code. CA has issued patches to address 
the vulnerabilities. The first vulnerability, CVE-2008-4397, 
occurs due to insufficient validation of certain RPC call 
parameters by the message engine service. An attacker can exploit 
a directory traversal vulnerability to execute arbitrary commands. 
The second vulnerability, CVE-2008-4398, occurs due to 
insufficient validation by the tape engine service. An attacker 
can make a request that will crash the service. The third 
vulnerability, CVE-2008-4399, occurs due to insufficient 
validation by the database engine service. An attacker can make a 
request that will crash the service. The fourth vulnerability, 
CVE-2008-4400, occurs due to insufficient validation of 
authentication credentials. An attacker can make a request that 
will crash multiple services. Note that these issues only affect 
the base product.


Mitigating Factors: None


Severity: CA has given these vulnerabilities a High risk rating.


Affected Products:
CA ARCserve Backup r12.0 Windows
CA ARCserve Backup r11.5 Windows*
CA ARCserve Backup r11.1 Windows*
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server 
   Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server 
   Premium Edition r2

*Formerly known as BrightStor ARCserve Backup.


Non-Affected Products
CA ARCserve Backup r12.0 Windows SP1


Affected Platforms:
Windows


Status and Recommendation:
CA has issued the following updates for systems that have an 
affected base product.

CA ARCserve Backup r12.0 Windows:
Apply Service Pack 1 (RO01340)

CA ARCserve Backup r11.5 Windows:
RO02398

CA ARCserve Backup r11.1 Windows:
RO02396

CA Protection Suites r2:
RO02398


How to determine if you are affected:
CA ARCserve Backup r12.0 Windows,
CA ARCserve Backup r11.5 Windows:

   1. Run the ARCserve Patch Management utility. From the Windows 
      Start menu, it can be found under Programs->CA->ARCserve 
      Patch Management->Patch Status.
   2. The main patch status screen will indicate if the respective 
      patch in the table below is currently applied. If the patch 
      is not applied, the installation is vulnerable.

Product                            Patch
CA ARCserve Backup r12.0 Windows   RO01340
CA ARCserve Backup r11.5 Windows   RO02398

For more information on the ARCserve Patch Management utility, 
read document TEC446265.

Alternatively, use the file information below to determine if the 
product installation is vulnerable.

CA ARCserve Backup r12.0 Windows,
CA ARCserve Backup r11.5 Windows,
CA ARCserve Backup r11.1 Windows:

   1. Using Windows Explorer, locate the file "asdbapi.dll". By 
      default, the file is located in the 
      "C:\Program Files\CA\BrightStor ARCserve Backup" directory.
   2. Right click on the file and select Properties.
   3. Select the General tab.
   4. If the file timestamp is earlier than indicated in the table 
      below, the installation is vulnerable.

Product version: CA ARCserve Backup r11.1 Windows
File Name: asdbapi.dll
File Size: 856064 bytes
Timestamp: 09/05/2008 10:35:19

Product version: CA ARCserve Backup r11.5 Windows*
File Name: asdbapi.dll
File Size: 1249354 bytes
Timestamp: 09/05/2008 11:14:04

Product version: CA ARCserve Backup r12.0 Windows
File Name: asdbapi.dll
File Size: 992520 bytes
Timestamp: 08/09/2008 4:51:58

*CA Protection Suites r2 includes CA ARCserve Backup 11.5


Workaround: None


References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA ARCserve Backup
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143
Solution Document Reference APARs:
RO01340, RO02398, RO02396
CA Security Response Blog posting:
CA ARCserve Backup Multiple Vulnerabilities
community.ca.com/blogs/casecurityresponseblog/archive/2008/10/9.aspx
Reported By: 
CVE-2008-4397 - Haifei Li of Fortinet's FortiGuard Global Security 
   Research Team
http://www.fortiguardcenter.com/
CVE-2008-4398 - Vulnerability Research Team of Assurent Secure 
   Technologies, a TELUS Company
CVE-2008-4399 - Vulnerability Research Team of Assurent Secure 
   Technologies, a TELUS Company
http://www.assurent.com/index.php?id=17
CVE-2008-4400 - Greg Linares of eEye Digital Security
http://www.eeye.com/
CVE References:
CVE-2008-4397 - Message engine command injection
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4397
CVE-2008-4398 - Tape engine denial of service
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4398
CVE-2008-4399 - Database engine denial of service
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4399
CVE-2008-4400 - Multiple service crash
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4400
OSVDB References: Pending
http://osvdb.org/


Changelog for this advisory:
v1.0 - Initial Release


Customers who require additional information should contact CA
Technical Support at http://support.ca.com.

For technical questions or comments related to this advisory, 
please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your 
findings to our product security response team.
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782


Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research


CA, 1 CA Plaza, Islandia, NY 11749
	
Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2008 CA. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFI7n3AeSWR3+KUGYURAg0NAJ9jLzqrxJqZULSW8f2k6scNtPGGzwCfaQ5t
LKKf0q7/uG8pn1zWL7L1R5Q=
=t0W2
-----END PGP SIGNATURE-----


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC