BugTraq
[CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities Jan 11 2007 11:16PM
Williams, James K (James Williams ca com)


Title: [CAID 34955, 34956, 34957, 34958, 34959, 34817]: BrightStor

ARCserve Backup Multiple Overflow Vulnerabilities

CA Vuln ID (CAID): 34955, 34956, 34957, 34958, 34959, 34817

CA Advisory Date: 2007-01-11

Discovered By: TippingPoint, IBM ISS, iDefense Labs

Impact: Remote attacker can execute arbitrary code.

Summary: CA BrightStor ARCserve Backup contains multiple overflow

conditions that can allow a remote attacker to execute arbitrary

code with local SYSTEM privileges on Windows. The BrightStor

ARCserve Backup Tape Engine service, Mediasvr service, and

ASCORE.dll file are affected.

Mitigating Factors: None.

Severity: CA has given these vulnerability issues a High risk

rating.

Affected Products:

BrightStor Products:

BrightStor ARCserve Backup r11.5

BrightStor ARCserve Backup r11.1

BrightStor ARCserve Backup for Windows r11

BrightStor Enterprise Backup r10.5

BrightStor ARCserve Backup v9.01

CA Protection Suites r2 Products:

CA Server Protection Suite r2

CA Business Protection Suite r2

CA Business Protection Suite for Microsoft Small Business

Server Standard Edition r2

CA Business Protection Suite for Microsoft Small Business

Server Premium Edition r2

Affected platforms:

Microsoft Windows

Status and Recommendation:

Customers with vulnerable versions of BrightStor ARCserve Backup

products should apply the appropriate fixes, which are now

available for download at http://supportconnect.ca.com.

BAB r11.5 - QO84983

BAB r11.1 - QO84984

BAB r11.0 - QI82917

BEB r10.5 - QO84986

BAB v9.01 - QO84985

Determining if you are affected:

Refer to the appropriate APAR for details about updated module

versions.

References (URLs may wrap):

CA SupportConnect:

http://supportconnect.ca.com/

CA SupportConnect Security Notice for this vulnerability:

Important Security Notice for BrightStor ARCserve Backup

http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.a
sp

CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice

http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-secno
tice.asp

Solution Document Reference APARs:

Q084983, Q084984, QI82917, Q084986, Q084985

CA Security Advisor posting:

BrightStor ARCserve Backup Multiple Overflow Vulnerabilities

http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97428

CAID: 34955, 34956, 34957, 34958, 34959, 34817

CAID Advisory links:

http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34955

http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34956

http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34957

http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34958

http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34959

http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34817

Discoverer: TippingPoint, IBM ISS, iDefense Labs

TippingPoint advisories:

http://www.zerodayinitiative.com/advisories/ZDI-07-002.html

http://www.zerodayinitiative.com/advisories/ZDI-07-003.html

http://www.zerodayinitiative.com/advisories/ZDI-07-004.html

IBM ISS advisories:

http://www.iss.net/threats/252.html

http://www.iss.net/threats/253.html

iDefense Labs:

http://labs.idefense.com/

CVE Reference: CVE-2006-5171, CVE-2006-5172, CVE-2007-0168,

CVE-2007-0169, CVE-2006-6076, CVE-2006-6917

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5171

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5172

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0168

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0169

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6076

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6917

OSVDB Reference: OSVDB ID: 31317, 31318, 31319, 31320, 31327,

30637

http://osvdb.org/31317

http://osvdb.org/31318

http://osvdb.org/31319

http://osvdb.org/31320

http://osvdb.org/31327

http://osvdb.org/30637

Other references:

http://www.lssec.com/advisories/LS-20061001.pdf

http://www.lssec.com/advisories/LS-20060908.pdf

http://www.lssec.com/advisories.html

Changelog for this advisory:

v1.0 - Initial Release

Customers who require additional information should contact CA

Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory,

please send email to vuln (at) ca (dot) com [email concealed], or contact me directly.

If you discover a vulnerability in CA products, please report

your findings to vuln (at) ca (dot) com [email concealed], or utilize our "Submit a

Vulnerability" form.

URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx

Regards,

Ken Williams ; 0xE2941985

Director, CA Vulnerability Research

CA, One CA Plaza. Islandia, NY 11749

Contact http://www3.ca.com/contact/

Legal Notice http://www3.ca.com/legal/

Privacy Policy http://www3.ca.com/privacy/

Copyright © 2007 CA. All rights reserved.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus