lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <D7DDF83751235046BFAC82E1244EB4C8075FE718@usilms23.ca.com>
Date: Thu, 14 Apr 2005 16:18:16 -0400
From: "Williams, James K" <James.Williams@...com>
To: <bugtraq@...urityfocus.com>
Subject: Computer Associates BrightStor ARCserve Backup and BrightStor Enterprise Backup UniversalAgent buffer overflow vulnerability



With the assistance of iDEFENSE, Computer Associates has identified a 
buffer overflow vulnerability in the BrightStor ARCserve Backup
Universal 
Agent Service for Windows and the BrightStor Enterprise Backup Universal

Agent Service for Windows. This service is a common component of Windows

based BrightStor ARCserve Backup and BrightStor Enterprise Backup
agents. 
A remote attacker who successfully exploited this vulnerability could 
potentially gain privileged access.

Computer Associates has posted patches that completely remediate this 
vulnerability issue on the CA SupportConnect web site 
(http://supportconnect.ca.com). iDEFENSE has confirmed that the patches 
fully remediate the reported vulnerability. Computer Associates strongly

advises its customers to apply the patch immediately. See below for 
patch details.

Title: Computer Associates BrightStor ARCserve Backup and BrightStor 
Enterprise Backup UniversalAgent buffer overflow vulnerability

Date Published: Monday, April 11, 2005

CA Vulnerability ID: 32727

Impact: Remote attackers can execute arbitrary code.

Affected Technologies:
BrightStor ARCserve Backup (BAB) r11.1 Windows
BrightStor ARCserve Backup 11 for Windows
BrightStor ARCserve Backup 9.0 Windows
BrightStor ARCserve Backup r11.1 (64-bit) for Windows
BrightStor ARCserve Backup r11.1 Client Agent for Windows
BrightStor ARCserve Backup Release 11 (64-bit) for Windows
BrightStor ARCserve Backup v9.01 Client Agent for Windows
BrightStor ARCserve Backup v9.01 Client Agent for Windows Non-English
BrightStor ARCserve Backup v9.01 for Windows (64bit edition)
BrightStor ARCserve Backup v9.01 for Windows Non-English
BrightStor Enterprise Backup 10.0
BrightStor Enterprise Backup 10.5
BrightStor Enterprise Backup v10.5 for Windows (64bit edition)

Recommendations: Apply the patches.

Links to Knowledge Base Documents and Patches:
(Please note potential for line wrap)
BrightStor ARCserve Backup r11.1 for Windows (all components):
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66526&
startsearch=1
BrightStor ARCserve Backup r11.1 Client Agent for Windows only:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66527&
startsearch=1
BrightStor ARCserve Backup r11.1 for Windows - 64 bit edition:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66534&
startsearch=1
BrightStor ARCserve Backup r11.0 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66525&
startsearch=1
BrightStor ARCserve Backup r11.0 for Windows - 64 bit edition:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66535&
startsearch=1
BrightStor ARCserve Backup v9.01 for Windows English (all components):
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66528&
startsearch=1
BrightStor ARCserve Backup v9.01 for Windows Non-English (all
components):
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66529&
startsearch=1
BrightStor ARCserve Backup v9.01 for Windows  - 64 bit edition:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66536&
startsearch=1
BrightStor ARCserve Backup v9.01 Client Agent for Windows only
(English):
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66530&
startsearch=1
BrightStor ARCserve Backup v9.01 Client Agent for Windows only
(Non-English):
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66531&
startsearch=1
BrightStor Enterprise Backup v10.5 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66524&
startsearch=1
BrightStor Enterprise Backup v10.5 for Windows - 64 bit edition:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66533&
startsearch=1
BrightStor Enterprise Backup v10.0 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66523&
startsearch=1 
 
References:
CA - CAID 32727
Computer Associates BrightStor ARCserve Backup UniversalAgent buffer 
overflow vulnerability
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32727
Mitre CVE - CAN-2005-1018 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1018

Should you require additional information, please contact
CA Technical Support at http://supportconnect.ca.com.

Computer Associates International, Inc. (CA). 
One Computer Associates Plaza. Islandia, NY 11749
	
Contact Us http://ca.com/catalk.htm
Legal Notice http://ca.com/calegal.htm
Privacy Policy http://ca.com
Copyright 2005 Computer Associates International, Inc. 
All rights reserved 	

--

Ken Williams ; Vulnerability Research 
Computer Associates ; 0xE2941985
A9F9 44A6 B421 FF7D 4000 E6A9 7925 91DF E294 1985


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ