| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Apr 2005 16:18:16 -0400 From: "Williams, James K" <James.Williams@...com> To: <bugtraq@...urityfocus.com> Subject: Computer Associates BrightStor ARCserve Backup and BrightStor Enterprise Backup UniversalAgent buffer overflow vulnerability With the assistance of iDEFENSE, Computer Associates has identified a buffer overflow vulnerability in the BrightStor ARCserve Backup Universal Agent Service for Windows and the BrightStor Enterprise Backup Universal Agent Service for Windows. This service is a common component of Windows based BrightStor ARCserve Backup and BrightStor Enterprise Backup agents. A remote attacker who successfully exploited this vulnerability could potentially gain privileged access. Computer Associates has posted patches that completely remediate this vulnerability issue on the CA SupportConnect web site (http://supportconnect.ca.com). iDEFENSE has confirmed that the patches fully remediate the reported vulnerability. Computer Associates strongly advises its customers to apply the patch immediately. See below for patch details. Title: Computer Associates BrightStor ARCserve Backup and BrightStor Enterprise Backup UniversalAgent buffer overflow vulnerability Date Published: Monday, April 11, 2005 CA Vulnerability ID: 32727 Impact: Remote attackers can execute arbitrary code. Affected Technologies: BrightStor ARCserve Backup (BAB) r11.1 Windows BrightStor ARCserve Backup 11 for Windows BrightStor ARCserve Backup 9.0 Windows BrightStor ARCserve Backup r11.1 (64-bit) for Windows BrightStor ARCserve Backup r11.1 Client Agent for Windows BrightStor ARCserve Backup Release 11 (64-bit) for Windows BrightStor ARCserve Backup v9.01 Client Agent for Windows BrightStor ARCserve Backup v9.01 Client Agent for Windows Non-English BrightStor ARCserve Backup v9.01 for Windows (64bit edition) BrightStor ARCserve Backup v9.01 for Windows Non-English BrightStor Enterprise Backup 10.0 BrightStor Enterprise Backup 10.5 BrightStor Enterprise Backup v10.5 for Windows (64bit edition) Recommendations: Apply the patches. Links to Knowledge Base Documents and Patches: (Please note potential for line wrap) BrightStor ARCserve Backup r11.1 for Windows (all components): http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66526& startsearch=1 BrightStor ARCserve Backup r11.1 Client Agent for Windows only: http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66527& startsearch=1 BrightStor ARCserve Backup r11.1 for Windows - 64 bit edition: http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66534& startsearch=1 BrightStor ARCserve Backup r11.0 for Windows: http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66525& startsearch=1 BrightStor ARCserve Backup r11.0 for Windows - 64 bit edition: http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66535& startsearch=1 BrightStor ARCserve Backup v9.01 for Windows English (all components): http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66528& startsearch=1 BrightStor ARCserve Backup v9.01 for Windows Non-English (all components): http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66529& startsearch=1 BrightStor ARCserve Backup v9.01 for Windows - 64 bit edition: http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66536& startsearch=1 BrightStor ARCserve Backup v9.01 Client Agent for Windows only (English): http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66530& startsearch=1 BrightStor ARCserve Backup v9.01 Client Agent for Windows only (Non-English): http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66531& startsearch=1 BrightStor Enterprise Backup v10.5 for Windows: http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66524& startsearch=1 BrightStor Enterprise Backup v10.5 for Windows - 64 bit edition: http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66533& startsearch=1 BrightStor Enterprise Backup v10.0 for Windows: http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66523& startsearch=1 References: CA - CAID 32727 Computer Associates BrightStor ARCserve Backup UniversalAgent buffer overflow vulnerability http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32727 Mitre CVE - CAN-2005-1018 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1018 Should you require additional information, please contact CA Technical Support at http://supportconnect.ca.com. Computer Associates International, Inc. (CA). One Computer Associates Plaza. Islandia, NY 11749 Contact Us http://ca.com/catalk.htm Legal Notice http://ca.com/calegal.htm Privacy Policy http://ca.com Copyright 2005 Computer Associates International, Inc. All rights reserved -- Ken Williams ; Vulnerability Research Computer Associates ; 0xE2941985 A9F9 44A6 B421 FF7D 4000 E6A9 7925 91DF E294 1985
Powered by blists - more mailing lists