SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   CA DMPrimer
Vendors:   CA
DM Deployment Common Component (DMPrimer) Lets Remote Users Deny Service
SecurityTracker Alert ID:  1015504
SecurityTracker URL:  http://securitytracker.com/id/1015504
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jan 18 2006
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.4.154 and 1.4.155
Description:   A vulnerability was reported in the DM Deployment Common Component (DMPrimer) used by several CA products. A remote user can cause denial of service conditions.

The DM Primer component does not properly recognize certain network messages. A remote user can send specially crafted messages to cause excessive CPU consumption and log file consumption or to cause DM Primer to become unresponsive.

The DM Primer component is included in many CA products. The following CA products are affected:

BrightStor Mobile Backup r4.0
BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1
Unicenter Remote Control 6.0, 6.0 SP1
CA Desktop Protection Suite r2
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2
CA Business Protection Suite for Midsize Business for Windows r2

The vendor credits Cengiz Aykanat and Karma[at]DesignFolks[dot]com[dot]au with reporting this vulnerability.

Impact:   A remote user can cause denial of service conditions.
Solution:   The vendor has issued a fixed version (DM Primer v11.0).

The vendor indicates that the affected version of DM Primer is needed only for the initial installation of the affected products and can be removed after deployment. Instructions on how to remove the DM Primer component are available in the vendor's advisory at:

http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity_notice.asp

Vendor URL:  supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity_notice.asp
Cause:   Exception handling error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  CAID 33756 - DM Deployment Common Component Vulnerabilities

Title: CAID 33756 - DM Deployment Common Component
Vulnerabilities

CA Vulnerability ID: 33756

Discovery Date: 2005-12-20

CA Advisory Date: 2006-01-17

Discovered By: Cengiz Aykanat (CA internal audit), and 
Karma[at]DesignFolks[dot]com[dot]au.


Impact: Remote attacker can cause a denial of service condition.


Summary: The following security vulnerability issues have been 
identified in the DM Primer part of the DM Deployment Common 
Component being distributed with some CA products:
1) A Denial of Service (DoS) vulnerability has been identified in 
the handling of unrecognized network messages, which may result 
in high CPU utilization and excessive growth of the DM Primer 
log file.
2) A Denial of Service (DoS) vulnerability has been identified 
with the way in which DM Primer handles receipt of large rogue 
network messages, which can result in DM Primer becoming 
unresponsive. 


Severity: Computer Associates has given this vulnerability a 
Medium risk rating.


Mitigating Factors: These vulnerabilities will only be present if 
you have utilized the DM Deployment mechanism (bundled with the 
affected products) to deploy those products within your 
enterprise environment.


Affected Technologies: Please note that the DM Primer component 
is not a product, but rather a common component that is included 
with multiple products.  Vulnerable versions of the DM Primer 
component are included in the CA products listed in the Affected 
Products section below.  DM Primer component versions v1.4.154 
and v1.4.155 are vulnerable to these issues.  These 
vulnerabilities are not present in DM Primer v11.0 or later.


Affected Products:
- BrightStor Mobile Backup r4.0
- BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, 
r11.1 SP1
- Unicenter Remote Control 6.0, 6.0 SP1
- CA Desktop Protection Suite r2
- CA Server Protection Suite r2
- CA Business Protection Suite r2
- CA Business Protection Suite for Microsoft Small Business 
Server Standard Edition r2
- CA Business Protection Suite for Microsoft Small Business 
Server Premium Edition r2
- CA Business Protection Suite for Midsize Business for Windows 
r2


Affected platforms:
Windows


Platforms NOT affected:
This version of DM Primer is not supported on any other 
platforms.


Status and Recommendation: 
Since this version of DM Primer is only utilized for the initial 
installation of the products, the above vulnerabilities can be 
addressed by simply removing the DM Primer Service after 
deployment.  To remove the DM Primer component follow the 
instructions below:

dmprimer remove -f:

will force the removal of a local DM Primer service,

dmsweep -a1:remotecomp -dp:force

will force the removal of the DM Primer service from a remote 
computer called remotecomp.

The dmsweep command will be available on the DM Deployment 
machine (usually the host for the product manager with which it 
was bundled).  It can take a machine name, an ip address, or a 
range of ip addresses.  Some examples are:

dmsweep -a1:192.168.0.*  -dp:force

will forcibly remove DM Primer from all machines on the 
192.168.0.* subnet

dmsweep -a1:192.168.0.1 -a2:192.168.0.100 -dp:force

will forcibly remove DM Primer from all machines in the range 
192.168.0.1-192.168.0.100


Please refer to the FAQ for answers to commonly asked 
questions.
http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity-faqs.asp


References: 
DM Deployment Common Component Security Notice
http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity_notice.asp

Frequently Asked Questions (FAQ) related to this security update
http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity-faqs.asp

CA Security Advisor site advisory
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33756

CVE Reference: Pending
http://cve.mitre.org

OSVDB Reference: Pending
http://osvdb.org

Error Handling in DM Primer
http://www.designfolks.com.au/karma/DMPrimer/


Customers who require additional information should contact CA 
Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory,
please send email to vuln@ca.com, or contact me directly.

If you discover a vulnerability in CA products, please report
your findings to vuln@ca.com, or utilize our "Submit a 
Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx


Regards,
Ken Williams ; 0xE2941985
Dir. Vuln Research 
CA Vulnerability Research Team


CA, One Computer Associates Plaza. Islandia, NY 11749
	
Copyright 2006 CA.  All rights reserved.
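
The advisory's removal step only helps on machines the sweep actually reaches, so it is worth reconciling the planned `dmsweep` targets against the list of hosts that received products through DM Deployment. The following is an added example, not part of the CA advisory or of any CA tool: it does not run `dmsweep`, it only expands the three target forms the advisory describes (machine name, single address or wildcard, `-a1`/`-a2` range) and reports inventory hosts no sweep would cover. The inventory names and addresses are constructed, and the wildcard (`*` = 0 to 255) and inclusive-range semantics are assumptions.

```python
import ipaddress
from itertools import product


def expand_target(a1, a2=None):
    """Expand one planned dmsweep target (-a1, optional -a2) into the set it covers."""
    if a2 is not None:  # -a1:start -a2:end, assumed inclusive at both ends
        lo, hi = int(ipaddress.IPv4Address(a1)), int(ipaddress.IPv4Address(a2))
        if lo > hi:
            raise ValueError(f"range start {a1} is above range end {a2}")
        return {str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)}
    octets = a1.split(".")
    if "*" in octets and len(octets) == 4:  # wildcard form such as 192.168.0.*
        if octets.count("*") > 2:
            raise ValueError("refusing to expand more than two wildcard octets")
        choices = [range(256) if o == "*" else [int(o)] for o in octets]
        return {".".join(map(str, combo)) for combo in product(*choices)}
    try:
        return {str(ipaddress.IPv4Address(a1))}  # single address
    except ipaddress.AddressValueError:
        return {a1.lower()}  # machine name, compared case-insensitively


def hosts_not_swept(inventory, sweeps):
    """Return inventory host names that no planned sweep covers by name or address."""
    covered = set()
    for spec in sweeps:
        covered |= expand_target(*spec)
    return sorted(
        name for name, ip in inventory.items()
        if name.lower() not in covered and ip not in covered
    )


# Constructed sample data: hosts that received a product via DM Deployment.
INVENTORY = {
    "backup01": "192.168.0.15",
    "rc-console": "192.168.0.140",
    "laptop-77": "192.168.1.23",
    "remotecomp": "10.0.0.8",
}
# Planned sweeps, mirroring the advisory's examples: one range, one machine name.
SWEEPS = [("192.168.0.1", "192.168.0.100"), ("remotecomp",)]

if __name__ == "__main__":
    for host in hosts_not_swept(INVENTORY, SWEEPS):
        print(f"{host} ({INVENTORY[host]}) is outside every planned sweep")
```
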
 
 

