SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   CA ARCserve Backup Vendors:   CA
BrightStor ARCserve Backup Buffer Overflows in 'Alert.exe' Let Remote Authenticated Users Execute Arbitrary Code
SecurityTracker Alert ID:  1019790
SecurityTracker URL:  http://securitytracker.com/id/1019790
CVE Reference:   CVE-2007-4620   (Links to External Site)
Date:  Apr 4 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 11.1, 11.5
Description:   A vulnerability was reported in BrightStor ARCserve Backup. A remote authenticated user can execute arbitrary code on the target system.

A remote authenticated user can send specially crafted data to trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.

Several procedures are affected.

CA Anti-Virus for the Enterprise is also affected.

An anonymous researcher reported this vulnerability via iDefense.

Impact:   A remote authenticated user can execute arbitrary code on the target system.
Solution:   The vendor has provided the following fixes.

CA Anti-Virus for the Enterprise 7.1, CA Anti-Virus for the Enterprise r8: QO96079
CA Threat Manager for the Enterprise r8: QO96387
CA Anti-Virus for the Enterprise r8.1, CA Threat Manager for the Enterprise r8.1: QO96080
BrightStor ARCserve Backup r11.5, BrightStor ARCserve Backup r11.1: QO96079
BrightStor ARCserve Backup r11.0: Upgrade to 11.1 and apply the latest patches.

The vendor's advisory is available at:

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103

Vendor URL:  support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103 (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  CA Alert Notification Server Multiple Vulnerabilities


Title: CA Alert Notification Server Multiple Vulnerabilities

CA Advisory Date: 2008-04-03

Reported By: An anonymous researcher working with the iDefense VCP

Impact: A remote authenticated attacker can execute arbitrary code 
or cause a denial of service condition.

Summary: CA Alert Notification Server service contains multiple 
vulnerabilities that can allow a remote authenticated attacker to 
execute arbitrary code or cause a denial of service condition. CA 
has issued updates to address the vulnerabilities. The 
vulnerabilities, CVE-2007-4620, are due to insufficient bounds 
checking in multiple procedures. A remote authenticated attacker 
or local user can exploit a buffer overflow to execute arbitrary 
code or cause a denial of service.

Mitigating Factors: Remote attacker must have legitimate 
authentication credentials.

Severity: CA has given these vulnerabilities a maximum risk rating 
of High.

Affected Products:
CA Anti-Virus for the Enterprise 7.1
CA Threat Manager for the Enterprise (formerly eTrust Integrated 
   Threat Management) r8
CA Threat Manager for the Enterprise (formerly eTrust Integrated 
   Threat Management) r8.1
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows

Affected Platforms:
Windows

Status and Recommendation:
CA has provided updates to address the vulnerabilities.
CA Anti-Virus for the Enterprise 7.1, CA Anti-Virus for the 
Enterprise r8:  QO96079
CA Threat Manager for the Enterprise r8:  QO96387
CA Anti-Virus for the Enterprise r8.1, CA Threat Manager for the 
   Enterprise r8.1:  QO96080
BrightStor ARCserve Backup r11.5, BrightStor ARCserve Backup 
   r11.1:  QO96079
BrightStor ARCserve Backup r11.0:  Upgrade to 11.1 and apply the 
   latest patches.

How to determine if you are affected:

For products on Windows:
   1. Using Windows Explorer, locate the file "alert.exe". By 
      default, the file is located in the 
      "C:\Program Files\CA\SharedComponents\Alert" directory.
   2. Right click on the file and select Properties.
   3. Select the Version tab.
   4. If the file version is earlier than indicated in the below 
      table, the installation is vulnerable.

Product                                    File       Version
CA Anti-Virus for the Enterprise r8.1      Alert.exe  8.1.586.0
CA Threat Manager for the Enterprise 8.1   Alert.exe  8.1.586.0
CA Threat Manager for the Enterprise r8    Alert.exe  8.0.450.0
CA Anti-Virus for the Enterprise 7.1       Alert.exe  7.1.758.0
CA Anti-Virus for the Enterprise r8        Alert.exe  7.1.758.0
BrightStor ARCserve Backup r11.5           Alert.exe  7.1.758.0
BrightStor ARCserve Backup r11.1           Alert.exe  7.1.758.0

Workaround: None

References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for Alert Notification Server
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103
Solution Document Reference APARs:
QO96079, QO96387, QO96080, QO96079
CA Security Response Blog posting:
CA Alert Notification Server Multiple Vulnerabilities
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/\
ca-alert-notification-server-multiple-vulnerabilities.aspx
Reported By: 
An anonymous researcher working with the iDefense VCP
CVE References:
CVE-2007-4620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4620
OSVDB References: Pending
http://osvdb.org/

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA
Technical Support at http://support.ca.com.

For technical questions or comments related to this advisory, 
please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your
findings to vuln AT ca DOT com, or utilize our "Submit a 
Vulnerability" form. 
URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx


Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, 1 CA Plaza, Islandia, NY 11749
	
Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2008 CA. All rights reserved.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC