[<prev] [next>] [day] [month] [year] [list]
Message-ID: <649CDCB56C88AA458EFF2CBF494B620403905E82@USILMS12.ca.com>
Date: Fri, 21 Sep 2007 14:47:12 -0400
From: "Williams, James K" <James.Williams@...com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: [CAID 35673, 35674, 35675, 35676,
35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server
Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Title: [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve
Backup for Laptops and Desktops Multiple Server Vulnerabilities
CA Vuln ID (CAID): 35673, 35674, 35675, 35676, 35677
CA Advisory Date: 2007-09-20
Reported By: Sean Larsson (VeriSign iDefense Labs)
anonymous researcher working with the iDefense VCP
eEye Digital Security
Impact: A remote attacker can execute arbitrary code or cause a
denial of service condition.
Summary: CA ARCserve Backup for Laptops and Desktops contains
multiple vulnerabilities that can allow a remote attacker to cause
a denial of service condition or execute arbitrary code. The first
set of vulnerabilities, CVE-2007-3216, occur due to insufficient
bounds checking on multiple command arguments by the LGServer
service. The second set of vulnerabilities, CVE-2007-5003, occur
due to insufficient bounds checking on rxrLogin authentication
credentials and on a username by the GetUserInfo() function. The
third vulnerability, CVE-2007-5004, occurs due to insufficient
verification of an integer value used during authentication, which
can lead to integer overflow. The fourth vulnerability,
CVE-2007-5005, occurs due to insufficient verification of file
uploads by the NetBackup service. The fifth vulnerability,
CVE-2007-5006, occurs due to insufficient verification of
authorization credentials, which can enable an attacker to bypass
authentication.
Mitigating Factors:
These issues can only be exploited on a server installation of CA
ARCserve Backup for Laptops and Desktops. The client installation
is not affected.
Severity: CA has given these vulnerabilities a maximum risk rating
of High.
Affected Products:
CA ARCserve Backup for Laptops and Desktops r11.5
CA ARCserve Backup for Laptops and Desktops r11.1 SP2
CA ARCserve Backup for Laptops and Desktops r11.1 SP1
CA ARCserve Backup for Laptops and Desktops r11.1
CA ARCserve Backup for Laptops and Desktops r11.0
CA ARCserve Backup for Laptops and Desktops r4.0
CA Desktop Management Suite 11.2
CA Desktop Management Suite 11.1
CA Desktop Management Suite 11.0
CA Protection Suites r2
Affected Platforms:
Windows
Status and Recommendation:
CA has provided updates to address the vulnerabilities.
CA ARCserve Backup for Laptops and Desktops (BMB) r4.0:
Apply QO91013.
CA ARCserve Backup for Laptops and Desktops 11.1:
Apply QO91014.
CA Desktop Management Suite 11.1:
Apply QO91016.
CA Desktop Management Suite 11.2 English:
Apply QO91110.
CA ARCserve Backup for Laptops and Desktops 11.5:
Apply QO91015.
CA Desktop Management Suite 11.2 localized:
Apply QO91111.
How to determine if you are affected:
For Windows:
1. Using Windows Explorer, locate the file "rxRPC.dll". The file
can be found in the following default locations:
Products \ Directory Paths
- --------------------------
CA ARCserve Backup for Laptops and Desktops 11.5
C:\Program Files\CA\BrightStor ARCserve Backup for Laptops &
Desktops\Explorer
CA ARCserve Backup for Laptops and Desktops 11.1
C:\Program Files\CA\BrightStor ARCserve Backup for Laptops &
Desktops\server
CA ARCserve Backup for Laptops and Desktops (BMB) r4.0
C:\Program Files\CA\BrightStor Mobile Backup\Server
CA Desktop Management Suite 11.2 English
C:\Program Files\CA\DSM\BABLD\MGUI
CA Desktop Management Suite 11.2 localized
C:\Program Files\CA\DSM\BABLD\MGUI
CA Desktop Management Suite 11.1
C:\Program Files\CA\Unicenter DSM\BABLD\Manager
2. Right click on the file and select Properties.
3. Select the General tab.
4. If the file date is earlier than indicated in the table below,
the installation is vulnerable.
Product \ File Name \ File Date / Size
- ----------------------------------------
CA ARCserve Backup for Laptops and Desktops 11.5
rxRPC.dll
June 25 2007 / 135168 bytes
CA ARCserve Backup for Laptops and Desktops 11.1
rxRPC.dll
June 20 2007 / 114688 bytes
CA ARCserve Backup for Laptops and Desktops (BMB) r4.0
rxRPC.dll
June 18 2007 / 106496 bytes
CA Desktop Management Suite 11.2 English
rxRPC.dll
June 25 2007 / 126976 bytes
CA Desktop Management Suite 11.2 localized
rxRPC.dll
July 03 2007 / 135168 bytes
CA Desktop Management Suite 11.1
rxRPC.dll
July 03 2007 / 122880 bytes
Workaround: None
References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
CA ARCserve Backup for Laptops and Desktops Server Security Notice
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-
securitynotice.asp
Solution Document Reference APARs:
QO91013, QO91014, QO91016, QO91110, QO91015, QO91111
CA Security Advisor posting:
CA ARCserve Backup for Laptops and Desktops Multiple Server
Vulnerabilities
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006
CA Vuln ID (CAID): 35673, 35674, 35675, 35676, 35677
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35673
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35675
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35676
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35677
Reported By: Sean Larsson (VeriSign iDefense Labs)
anonymous researcher working with the iDefense VCP
eEye Digital Security
iDefense advisory:
http://labs.idefense.com/intelligence/vulnerabilities/
eEye advisory:
Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops
http://research.eeye.com/html/advisories/published/AD20070920.html
CVE References:
CVE-2007-3216, CVE-2007-5003, CVE-2007-5004, CVE-2007-5005,
CVE-2007-5006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5006
OSVDB References: Pending
http://osvdb.org/
Changelog for this advisory:
v1.0 - Initial Release
Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory,
please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your
findings to vuln AT ca DOT com, or utilize our "Submit a
Vulnerability" form.
URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx
Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2007 CA. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)
wj8DBQFG9BGneSWR3+KUGYURAmVaAJ9qnNG0Ao5OIdf5+ktDyanXJWRYjACcCGxz
e15FudL3++KwJXizqOOwBAU=
=L274
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists