lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <649CDCB56C88AA458EFF2CBF494B62040335E143@USILMS12.ca.com>
Date: Thu, 19 Jul 2007 14:11:30 -0400
From: "Williams, James K" <James.Williams@...com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: [CAID 35515]: CA Products Alert Service RPC
	Procedure Buffer Overflow Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Title: [CAID 35515]: CA Products Alert Service RPC Procedure 
Buffer Overflow Vulnerabilities

CA Vuln ID (CAID): 35515

CA Advisory Date: 2007-07-17

Reported By: Anonymous researcher working with the iDefense VCP

Impact: Remote attacker can cause a denial of service or execute 
arbitrary code.

Summary: Multiple CA products that utilize Alert service 
functionality contain multiple vulnerabilities. The 
vulnerabilities, CVE-2007-3825, are due to insufficient bounds 
checking on received data by certain RPC procedures. An attacker 
can exploit these buffer overflows to execute arbitrary code or 
cause service failure. 

Mitigating Factors: None

Severity: CA has given these vulnerabilities a High risk rating.

Affected Products:
CA Threat Manager for the Enterprise (formerly eTrust Integrated 
   Threat Management) r8
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8
CA Protection Suites r3
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows
BrightStor Enterprise Backup r10.5
BrightStor ARCserve Backup v9.01
BrightStor ARCserve Client agent for Windows

Affected Platforms:
Microsoft Windows

Status and Recommendation:
CA recommends that customers apply the update to address the 
vulnerabilities. The updated Alert service must be manually 
installed. For all affected products, apply QO89817. 
http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnoti
ce.asp

How to determine if you are affected:
1. Using Windows Explorer, locate the file "alert.exe". By 
   default, the file is located in the 
   "C:\Program Files\CA\SharedComponents\Alert" directory.
2. Right click on the file and select Properties.
3. Select the Version tab.
4. If the "alert.exe" file version is less than 8.0.255.0, the 
   installation is vulnerable.

Workaround: None

References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
Security Notice for CA products running the Alert service
http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnoti
ce.asp
Solution Document Reference APARs:
QO89817
CA Security Advisor posting: 
CA Products Alert Service RPC Procedures Buffer Overflow 
Vulnerabilities
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149081
CA Vuln ID (CAID): 35515
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35515
Reported By: iDefense
iDefense Advisory: 
Computer Associates Alert Notification Server Multiple Buffer 
Overflow Vulnerabilities
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=561
CVE References:
CVE-2007-3825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3825
OSVDB References: Pending
http://osvdb.org/

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, 
please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your
findings to vuln AT ca DOT com, or utilize our "Submit a 
Vulnerability" form. 
URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx


Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, 1 CA Plaza, Islandia, NY 11749
	
Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2007 CA. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFGn6lHeSWR3+KUGYURArGzAJ4+EezAZQC7CVoGOB3IZpJSG1afqQCcDgBB
e05WG+VbM/EProEv5r0zz2I=
=vCWo
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ