SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   CA ARCserve Backup for Laptops and Desktops Vendors:   CA
CA ARCserve Backup for Laptops and Desktops Bug in gui_cm_ctrls ActiveX Control Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1019872
SecurityTracker URL:  http://securitytracker.com/id/1019872
CVE Reference:   CVE-2008-1786   (Links to External Site)
Date:  Apr 16 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): r11.5
Description:   A vulnerability was reported in CA ARCserve Backup for Laptops and Desktops. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger an input validation flaw in the gui_cm_ctrls control and execute arbitrary code on the target system. The code will run with the privileges of the target user.

The CLSID of the vulnerable control is: E6239EB3-E0B0-46DA-A215-CFA9B3B740C5

Only the server installation is affected. Client installations are not affected.

The vulnerability also affects CA Desktop Management Suite, Unicenter Desktop Management Bundle, Unicenter Asset Management, Unicenter Software Delivery, and Unicenter Remote Control.

Greg Linares of eEye Digital Security reported this vulnerability.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fix for BrightStor ARCserve Backup for Laptops and Desktops r11.5:

QI96333

The following fixes are available for other affected CA products.

CA Desktop Management Suite for Windows r11.1 (GA, a, C1),
Unicenter Desktop Management Bundle r11.1 (GA, a, C1),
Unicenter Asset Management r11.1 (GA, a, C1),
Unicenter Software Delivery r11.1 (GA, a, C1),
Unicenter Remote Control r11.1 (GA, a, C1):
QO96283

CA Desktop Management Suite for Windows r11.2a,
Unicenter Desktop Management Bundle r11.2a,
Unicenter Asset Management r11.2a,
Unicenter Software Delivery r11.2a,
Unicenter Remote Control r11.2a:
QO96286

CA Desktop Management Suite for Windows r11.2,
Unicenter Desktop Management Bundle r11.2,
Unicenter Asset Management r11.2,
Unicenter Software Delivery r11.2,
Unicenter Remote Control r11.2:
QO96285

CA Desktop Management Suite for Windows r11.2 C1,
Unicenter Desktop Management Bundle r11.2 C1,
Unicenter Asset Management r11.2 C1,
Unicenter Software Delivery r11.2 C1,
Unicenter Remote Control r11.2 C1:
QO96284

CA Desktop Management Suite for Windows r11.2 C2,
Unicenter Desktop Management Bundle r11.2 C2,
Unicenter Asset Management r11.2 C2,
Unicenter Software Delivery r11.2 C2,
Unicenter Remote Control r11.2 C2:
QO99084

CA Desktop and Server Management r11.2 C2:
QO99080

CA Desktop and Server Management r11.2 C1:
QO96288

CA Desktop and Server Management r11.2a:
QO96290

CA Desktop and Server Management r11.2:
QO96289

CA Desktop and Server Management r11.1 (GA, a, C1):
QO96287

The vendor's advisory is available at:

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256

Vendor URL:  support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256 (Links to External Site)
Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  CA DSM gui_cm_ctrls ActiveX Control Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Title: CA DSM gui_cm_ctrls ActiveX Control Vulnerability


CA Advisory Date: 2008-04-15


Reported By: Greg Linares of eEye Digital Security


Impact: A remote attacker can execute arbitrary code or cause a 
denial of service condition.


Summary: CA products that implement the DSM gui_cm_ctrls ActiveX 
control contain a vulnerability that can allow a remote attacker 
to cause a denial of service or execute arbitrary code. The 
vulnerability, CVE-2008-1786, is due to insufficient verification 
of function arguments by the gui_cm_ctrls control. An attacker can 
execute arbitrary code under the context of the user running the 
web browser.


Mitigating Factors: For BrightStor ARCserve Backup for Laptops & 
Desktops, only the server installation is affected. Client 
installations are not affected. For CA Desktop Management Suite, 
Unicenter Desktop Management Bundle, Unicenter Asset Management, 
Unicenter Software Delivery and Unicenter Remote Control, only the 
Managers and DSM Explorers are affected. Scalability Servers and 
Agents are not affected.


Severity: CA has given this vulnerability a maximum risk rating 
of High.


Affected Products:
BrightStor ARCServe Backup for Laptops and Desktops r11.5
CA Desktop Management Suite r11.2 C2
CA Desktop Management Suite r11.2 C1
CA Desktop Management Suite r11.2a
CA Desktop Management Suite r11.2
CA Desktop Management Suite r11.1 (GA, a, C1)
Unicenter Desktop Management Bundle r11.2 C2
Unicenter Desktop Management Bundle r11.2 C1
Unicenter Desktop Management Bundle r11.2a
Unicenter Desktop Management Bundle r11.2
Unicenter Desktop Management Bundle r11.1 (GA, a, C1)
Unicenter Asset Management r11.2 C2
Unicenter Asset Management r11.2 C1
Unicenter Asset Management r11.2a
Unicenter Asset Management r11.2 
Unicenter Asset Management r11.1 (GA, a, C1)
Unicenter Software Delivery r11.2 C2
Unicenter Software Delivery r11.2 C1
Unicenter Software Delivery r11.2a
Unicenter Software Delivery r11.2 
Unicenter Software Delivery r11.1 (GA, a, C1)
Unicenter Remote Control r11.2 C2
Unicenter Remote Control r11.2 C1
Unicenter Remote Control r11.2a
Unicenter Remote Control r11.2 
Unicenter Remote Control r11.1 (GA, a, C1)
CA Desktop and Server Management r11.2 C2
CA Desktop and Server Management r11.2 C1
CA Desktop and Server Management r11.2a
CA Desktop and Server Management r11.2
CA Desktop and Server Management r11.1 (GA, a, C1)


Affected Platforms:
Windows


Status and Recommendation:

CA has provided the following updates to address the 
vulnerabilities. 

BrightStor ARCserve Backup for Laptops and Desktops r11.5:
QI96333

CA Desktop Management Suite for Windows r11.1 (GA, a, C1),
Unicenter Desktop Management Bundle r11.1 (GA, a, C1),
Unicenter Asset Management r11.1 (GA, a, C1),
Unicenter Software Delivery r11.1 (GA, a, C1),
Unicenter Remote Control r11.1 (GA, a, C1):
QO96283

CA Desktop Management Suite for Windows r11.2a,
Unicenter Desktop Management Bundle r11.2a,
Unicenter Asset Management r11.2a,
Unicenter Software Delivery r11.2a,
Unicenter Remote Control r11.2a:
QO96286

CA Desktop Management Suite for Windows r11.2,
Unicenter Desktop Management Bundle r11.2,
Unicenter Asset Management r11.2,
Unicenter Software Delivery r11.2,
Unicenter Remote Control r11.2:
QO96285

CA Desktop Management Suite for Windows r11.2 C1,
Unicenter Desktop Management Bundle r11.2 C1,
Unicenter Asset Management r11.2 C1,
Unicenter Software Delivery r11.2 C1,
Unicenter Remote Control r11.2 C1:
QO96284

CA Desktop Management Suite for Windows r11.2 C2,
Unicenter Desktop Management Bundle r11.2 C2,
Unicenter Asset Management r11.2 C2,
Unicenter Software Delivery r11.2 C2,
Unicenter Remote Control r11.2 C2:
QO99084

CA Desktop and Server Management r11.2 C2:
QO99080

CA Desktop and Server Management r11.2 C1:
QO96288

CA Desktop and Server Management r11.2a:
QO96290

CA Desktop and Server Management r11.2:
QO96289

CA Desktop and Server Management r11.1 (GA, a, C1):
QO96287


How to determine if you are affected:

For products on Windows:
   directory.
2. Right click on the file and select Properties.
3. Select the Version tab.
4. If the file version is earlier than indicated in the list 
   below, the installation is vulnerable.

Product:
CA Desktop Management Suite for Windows r11.1 (GA, a, C1),
Unicenter Desktop Management Bundle r11.1 (GA, a, C1),
Unicenter Asset Management r11.1 (GA, a, C1),
Unicenter Software Delivery r11.1 (GA, a, C1),
Unicenter Remote Control r11.1 (GA, a, C1),
CA Desktop and Server Management r11.1 (GA, a, C1)
File Name:
gui_cm_ctrls.ocx
File Version:
11.1.8124.2517

Product:
CA Desktop Management Suite for Windows r11.2,
Unicenter Desktop Management Bundle r11.2,
Unicenter Asset Management r11.2,
Unicenter Software Delivery r11.2,
Unicenter Remote Control r11.2,
CA Desktop and Server Management r11.2
File Name:
gui_cm_ctrls.ocx
File Version:
11.2.2.4332

Product:
CA Desktop Management Suite for Windows r11.2,
Unicenter Desktop Management Bundle r11.2,
Unicenter Asset Management r11.2,
Unicenter Software Delivery r11.2,
Unicenter Remote Control r11.2,
CA Desktop and Server Management r11.2
File Name:
gui_cm_ctrls.ocx
File Version:
11.2.2.4332

Product:
CA Desktop Management Suite for Windows r11.2a,
Unicenter Desktop Management Bundle r11.2a,
Unicenter Asset Management r11.2a,
Unicenter Software Delivery r11.2a,
Unicenter Remote Control r11.2a,
CA Desktop and Server Management r11.2a
File Name:
gui_cm_ctrls.ocx
File Version:
11.2.3.1896

Product:
CA Desktop Management Suite for Windows r11.2 C1,
Unicenter Desktop Management Bundle r11.2 C1,
Unicenter Asset Management r11.2 C1,
Unicenter Software Delivery r11.2 C1,
Unicenter Remote Control r11.2 C1,
BrightStor ARCserve Backup for Laptops and Desktops r11.5,
CA Desktop and Server Management r11.2 C1
File Name:
gui_cm_ctrls.ocx
File Version:
11.2.1000.17

Product:
CA Desktop Management Suite for Windows r11.2 C2,
Unicenter Desktop Management Bundle r11.2 C2,
Unicenter Asset Management r11.2 C2,
Unicenter Software Delivery r11.2 C2,
Unicenter Remote Control r11.2 C2,
CA Desktop and Server Management r11.2 C2
File Name:
gui_cm_ctrls.ocx
File Version:
11.2.2000.4


Workaround: As a temporary workaround solution, disable the 
gui_cm_ctrls ActiveX control in the registry by setting the kill 
bit on CLSID {E6239EB3-E0B0-46DA-A215-CFA9B3B740C5}. Disabling the 
control may prevent the GUI from functioning correctly. Refer to 
Microsoft KB article 240797 
<http://support.microsoft.com/kb/240797> for information on how to 
disable an ActiveX control.


References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA products using the DSM gui_cm_ctrls ActiveX 
   control
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256
Solution Document Reference APARs:
QI96333, QO96283, QO96286, QO96285, QO96284, QO99084, QO99080, 
   QO96288, QO96290, QO96289, QO96287
CA Security Response Blog posting:
CA DSM gui_cm_ctrls ActiveX Control Vulnerability
http://community.ca.com/blogs/casecurityresponseblog/archive/ \
2008/04/16/ca-dsm-gui-cm-ctrls-activex-control-vulnerability.aspx
Reported By: 
Greg Linares of eEye Digital Security
CVE Reference:
CVE-2008-1786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1786
OSVDB References: Pending
http://osvdb.org/


Changelog for this advisory:
v1.0 - Initial Release


Customers who require additional information should contact CA
Technical Support at http://support.ca.com.

For technical questions or comments related to this advisory, 
please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your
findings to vuln AT ca DOT com, or utilize our "Submit a 
Vulnerability" form. 
URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx


Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research


CA, 1 CA Plaza, Islandia, NY 11749
	
Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2008 CA. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFIBiQdeSWR3+KUGYURAtWDAJ47nVFhPDCStwVBPH4WO0l/ElsTMgCgjhER
UvZCTSln++iFRVB+bDHS5qs=
=jkLk
-----END PGP SIGNATURE-----

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC