SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   CA ARCserve Backup Vendors:   CA
CA BrightStor ARCserve/Enterprise Backup Agents Buffer Overflow Lets Remote Users Gain System Privileges
SecurityTracker Alert ID:  1014611
SecurityTracker URL:  http://securitytracker.com/id/1014611
CVE Reference:   CVE-2005-1272   (Links to External Site)
Updated:  Aug 9 2005
Original Entry Date:  Aug 2 2005
Impact:   Denial of service via network, Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.01, 10, 10.5, 11.0, 11.1
Description:   Computer Associates reported a vulnerability in BrightStor ARCserve/Enterprise Backup Agents. A remote user can execute arbitrray code on the target system.

The agent software does not properly validate user-supplied input. A remote user can send a specially crafted packet that is longer than 3168 bytes to port 6070 on the target system to trigger a buffer overflow. This may cause a denial of service condition or may cause arbitrary code to be executed with System privileges.

The following specific versions are affected.

BrightStor ARCserve Backup r11.1:
- BrightStor ARCserve Backup r11.1 Agent for SQL for Windows
- BrightStor ARCserve Backup r11.1 Agent for Oracle for Windows
- BrightStor ARCserve Backup r11.1 Agent for SAP R/3 for Windows
- BrightStor ARCserve Backup r11.1 Agent for Microsoft Exchange Premium Add-on for Windows

BrightStor ARCserve Backup r11.0:
- BrightStor ARCserve Backup Release 11 Agent for SQL for Windows
- BrightStor ARCserve Backup Release 11 Agent for Oracle for Windows
- BrightStor ARCserve Backup Release 11 Agent for SAP R/3 for Windows
- BrightStor ARCserve Backup Release 11 Agent for Microsoft Exchange Premium Add-on for Windows

BrightStor ARCserve Backup v9.01
- BrightStor ARCserve Backup Version 9 Agent for SQL for Windows
- BrightStor ARCserve Backup Version 9 Agent for Oracle for Windows
- BrightStor ARCserve Backup Version 9 Agent for SAP R/3 for Windows

BrightStor Enterprise Backup 10.5
- BrightStor Enterprise Backup v10.5 Agent for SQL for Windows
- BrightStor Enterprise Backup v10.5 Agent for Oracle for Windows
- BrightStor Enterprise Backup v10.5 Serverless Backup Agent for Oracle for Windows
- BrightStor Enterprise Backup v10.5 Agent for Oracle for EMC Timefinder for Windows
- BrightStor Enterprise Backup v10.5 Agent for SAP R/3 for NT/2000

BrightStor Enterprise Backup 10
- BrightStor Enterprise Backup Agent for SQL for Windows
- BrightStor Enterprise Backup Agent for Oracle for Windows
- BrightStor Enterprise Backup Agent for SAP R/3 for Oracle and SQL on Windows
- BrightStor Enterprise Backup Agent for Oracle for EMC Timefinder for Windows
- BrightStor Enterprise Backup Serverless Backup Agent for Oracle for Windows

The vendor was notified on April 25, 2005.

The vendor credits iDEFENSE with discovering this vulnerability.

Impact:   A remote user can cause denial of service conditions.

A remote user can execute arbitrary code with System level privileges.

Solution:   The vendor has issued the following fixes.

BrightStor ARCserve Backup r11.1 for Windows:

http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71010

BrightStor ARCserve Backup r11.0 for Windows:

http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70769&startsearch=1

BrightStor ARCserve Backup v9.01 for Windows:

http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70770&startsearch=1

BrightStor Enterprise Backup v10.5 for Windows:

http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70774&startsearch=1

BrightStor Enterprise Backup v10.0 for Windows:

http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70773&startsearch=1

The vendor reports that the original patch for BrightStor ARCserve Backup r11.1 Agent for Windows (QO70767) did not fully correct the vulnerability. The URL listed above is for the updated patch (QO71010).

Vendor URL:  www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33239 (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  CAID 33239 - Computer Associates BrightStor ARCserve/Enterprise Backup Agents buffer overflow vulnerability

Title: Computer Associates BrightStor ARCserve/Enterprise Backup 
Agents buffer overflow vulnerability

CA Vulnerability ID: 33239

Discovery Date: 2005/04/25

Disclosure Date: 2005/08/02

Discovered By: iDEFENSE

Impact: A remote attacker can execute arbitrary code with SYSTEM 
privileges.

Summary: Computer Associates BrightStor ARCserve Backup and 
BrightStor Enterprise Backup Agents for Windows contain a 
stack-based buffer overflow vulnerability. The vulnerability may 
allow remote attackers to execute arbitrary code with SYSTEM 
privileges, or cause a denial of service condition. The buffer 
overflow is the result of improper bounds checking performed on 
data sent to port 6070. 

Severity: Computer Associates has given this vulnerability a 
High risk rating.

Affected Technologies: This vulnerability exists in the 
following BrightStor ARCserve Backup and BrightStor Enterprise 
Backup application agents:

BrightStor ARCserve Backup r11.1:
- BrightStor ARCserve Backup r11.1 Agent for SQL for Windows
- BrightStor ARCserve Backup r11.1 Agent for Oracle for Windows
- BrightStor ARCserve Backup r11.1 Agent for SAP R/3 for Windows
- BrightStor ARCserve Backup r11.1 Agent for Microsoft Exchange 
  Premium Add-on for Windows

BrightStor ARCserve Backup r11.0:
- BrightStor ARCserve Backup Release 11 Agent for SQL for Windows
- BrightStor ARCserve Backup Release 11 Agent for Oracle for 
  Windows
- BrightStor ARCserve Backup Release 11 Agent for SAP R/3 for 
  Windows
- BrightStor ARCserve Backup Release 11 Agent for Microsoft 
  Exchange Premium Add-on for Windows

BrightStor ARCserve Backup v9.01
- BrightStor ARCserve Backup Version 9 Agent for SQL for Windows
- BrightStor ARCserve Backup Version 9 Agent for Oracle for 
  Windows 
- BrightStor ARCserve Backup Version 9 Agent for SAP R/3 for 
  Windows 

BrightStor Enterprise Backup 10.5
- BrightStor Enterprise Backup v10.5 Agent for SQL for Windows
- BrightStor Enterprise Backup v10.5 Agent for Oracle for 
  Windows
- BrightStor Enterprise Backup v10.5 Serverless Backup Agent for 
  Oracle for Windows
- BrightStor Enterprise Backup v10.5 Agent for Oracle for EMC 
  Timefinder for Windows
- BrightStor Enterprise Backup v10.5 Agent for SAP R/3 for 
  NT/2000

BrightStor Enterprise Backup 10
- BrightStor Enterprise Backup Agent for SQL for Windows
- BrightStor Enterprise Backup Agent for Oracle for Windows
- BrightStor Enterprise Backup Agent for SAP R/3 for Oracle and 
  SQL on Windows
- BrightStor Enterprise Backup Agent for Oracle for EMC 
  Timefinder for Windows
- BrightStor Enterprise Backup Serverless Backup Agent for 
  Oracle for Windows

Status: Security updates that completely remediate this 
vulnerability issue are available for all affected products.

Recommendation (note that URLs may wrap): 
Apply the appropriate security update(s).
BrightStor ARCserve Backup r11.1 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70767&
startsearch=1
BrightStor ARCserve Backup r11.0 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70769&
startsearch=1
BrightStor ARCserve Backup v9.01 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70770&
startsearch=1
BrightStor Enterprise Backup v10.5 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70774&
startsearch=1
BrightStor Enterprise Backup v10.0 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70773&
startsearch=1

CVE Reference: Pending

OSVDB Reference: Pending

Advisory URLs (note that URLs may wrap): 

CA Security Advisor site
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33239

E-News: BrightStor Storage Newsletter v05.11 August 2nd, 2005
http://supportconnectw.ca.com/public/enews/BrightStor/brig080205.asp


Should you require additional information, please contact CA 
Technical Support at http://supportconnect.ca.com.


Respectfully,

Ken Williams ; Dir. Vuln Research 
Computer Associates ; 0xE2941985


Computer Associates International, Inc. (CA). 
One Computer Associates Plaza. Islandia, NY 11749
	
Contact Us http://ca.com/catalk.htm
Legal Notice http://ca.com/calegal.htm
Privacy Policy http://ca.com
Copyright 2005 Computer Associates International, Inc.
All rights reserved
                                                           
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC