SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   CA ARCserve Backup for Laptops and Desktops Vendors:   CA
CA ARCserve Backup for Laptops and Desktops Integer Overflow in LGServer Service May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1020590
SecurityTracker URL:  http://securitytracker.com/id/1020590
CVE Reference:   CVE-2008-3175   (Links to External Site)
Date:  Jul 31 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 11.0, 11.1, 11.1 SP1, 11.1 SP2, 11.5
Description:   A vulnerability was reported in CA ARCserve Backup for Laptops and Desktops. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to the LGServer service on TCP port 1900 to trigger an integer underoverflow and potentially execute arbitrary code on the target system. The code will run with the privileges of the target service.

The following product versions are affected:

CA ARCserve Backup for Laptops and Desktops r11.5
CA ARCserve Backup for Laptops and Desktops r11.1 SP2
CA ARCserve Backup for Laptops and Desktops r11.1 SP1
CA ARCserve Backup for Laptops and Desktops r11.1
CA ARCserve Backup for Laptops and Desktops r11.0
CA Desktop Management Suite 11.2
CA Desktop Management Suite 11.1
CA Protection Suites r2
CA Protection Suites 3.0
CA Protection Suites 3.1

Only the server installation of BrightStor ARCserve Backup for Laptops and Desktops is affected. The client installation is not affected.

The vendor was notified on May 30, 2008.

The Vulnerability Research Team, Assurent Secure Technologies, a TELUS company reported this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued a fix.

CA ARCserve Backup for Laptops and Desktops 11.1, 11.1 SP1, 11.1 SP2:
Upgrade to 11.1 SP2 and apply RO00912.

CA ARCserve Backup for Laptops and Desktops 11.5:
RO00913.

CA Protection Suites 3.0:
RO00912.

CA Protection Suites 3.1:
RO00912.

CA Desktop Management Suite 11.2:
Upgrade to CA Desktop Management Suite 11.2 C1 and apply RO00913.

CA Desktop Management Suite 11.1:
RO01150.

CA ARCserve Backup for Laptops and Desktops 11.0:
Upgrade to ARCserve Backup for Laptops and Desktops version 11.1 SP2 and apply the latest patches.
QI85497.

The vendor's advisory is available at:

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721

Vendor URL:  support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721 (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-disclosure] Assurent VR - CA ARCserve Backup for Laptops and

--===============0363913917240995047==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

CA ARCserve Backup for Laptops and Desktops LGServer Handshake Buffer Overflow

Assurent ID: FSC20080731-12

1. Affected Software

CA ARCserve Backup for Laptops and Desktops version r11.5
CA ARCserve Backup for Laptops and Desktops version r11.1 SP2
CA ARCserve Backup for Laptops and Desktops version r11.1 SP1
CA ARCserve Backup for Laptops and Desktops version r11.1
CA ARCserve Backup for Laptops and Desktops version r11.0
CA Desktop Management Suite version 11.2
CA Desktop Management Suite version 11.1
CA Protection Suites version r2
CA Protection Suites version 3.0
CA Protection Suites version 3.1

Reference: http://ca.com/smb/product.aspx?id=5286

2. Vulnerability Summary

There exists a buffer overflow vulnerability in the way CA ARCserve Backup for Laptops and Desktops handles incoming messages. The
 vulnerability is due to an integer underflow in the LGServer service.

3. Vulnerability Analysis

A remote unauthenticated attacker may exploit the vulnerability by sending a malicious request to LGServer service on TCP port 1900.
 Successful exploitation would allow the attacker to cause a denial of service condition, potentially inject and execute arbitrary
 code with privileges of the affected service.

4. Vulnerability Detection

Assurent has confirmed the vulnerability in:

CA ARCserve Backup for Laptops and Desktops version r11.5
CA ARCserve Backup for Laptops and Desktops version r11.1 SP2
CA ARCserve Backup for Laptops and Desktops version r11.1 SP1
CA ARCserve Backup for Laptops and Desktops version r11.1
CA ARCserve Backup for Laptops and Desktops version r11.0
CA Desktop Management Suite version 11.2
CA Desktop Management Suite version 11.1
CA Protection Suites version r2
CA Protection Suites version 3.0
CA Protection Suites version 3.1

5. Workaround

Apply the vendor patch or block communication from untrusted networks to affected assets.

6. Vendor Response

CA has released a bulletin addressing this vulnerability. 

Reference: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721

7. Disclosure Timeline

  2008-05-30 Reported to vendor
  2008-05-30 Initial vendor response
  2008-07-31 Coordinated public disclosure

8. Credits

Vulnerability Research Team, Assurent Secure Technologies, a TELUS company

9. References

  CVE: CVE-2008-3175
  Vendor: 181721

10. About Assurent VRS

Assurent's Vulnerability Research Service (VRS) for security product vendors, and Threat Protection Programs (TPP) for MSPs and enterprise
 security teams, help to eliminate the significant costs incurred by security product vendors, MSPs, and enterprise security teams
 in responding to and managing critical new security vulnerabilities and other threats including worm & virus outbreaks and high-risk
 spyware. The VRS and TPP services are real-time feeds providing subscribers with detailed analysis of the top security vulnerabilities,
 focused on the specific needs of each group of customers. 

http://www.assurent.com/
--===============0363913917240995047==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--===============0363913917240995047==--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC