BugTraq
CA ARCserve Backup Multiple Vulnerabilities Oct 09 2008 09:57PM
Williams, James K (James Williams ca com)


Title: CA ARCserve Backup Multiple Vulnerabilities

CA Advisory Date: 2008-10-09

Reported By:

Haifei Li of Fortinet's FortiGuard Global Security Research Team

Vulnerability Research Team of Assurent Secure Technologies, a

TELUS Company

Greg Linares of eEye Digital Security

Impact: A remote attacker can cause a denial of service or

possibly execute arbitrary code.

Summary: CA ARCserve Backup contains multiple vulnerabilities that

can allow a remote attacker to cause a denial of service or

possibly execute arbitrary code. CA has issued patches to address

the vulnerabilities. The first vulnerability, CVE-2008-4397,

occurs due to insufficient validation of certain RPC call

parameters by the message engine service. An attacker can exploit

a directory traversal vulnerability to execute arbitrary commands.

The second vulnerability, CVE-2008-4398, occurs due to

insufficient validation by the tape engine service. An attacker

can make a request that will crash the service. The third

vulnerability, CVE-2008-4399, occurs due to insufficient

validation by the database engine service. An attacker can make a

request that will crash the service. The fourth vulnerability,

CVE-2008-4400, occurs due to insufficient validation of

authentication credentials. An attacker can make a request that

will crash multiple services. Note that these issues only affect

the base product.

Mitigating Factors: None

Severity: CA has given these vulnerabilities a High risk rating.

Affected Products:

CA ARCserve Backup r12.0 Windows

CA ARCserve Backup r11.5 Windows*

CA ARCserve Backup r11.1 Windows*

CA Server Protection Suite r2

CA Business Protection Suite r2

CA Business Protection Suite for Microsoft Small Business Server

Standard Edition r2

CA Business Protection Suite for Microsoft Small Business Server

Premium Edition r2

*Formerly known as BrightStor ARCserve Backup.

Non-Affected Products

CA ARCserve Backup r12.0 Windows SP1

Affected Platforms:

Windows

Status and Recommendation:

CA has issued the following updates for systems that have an

affected base product.

CA ARCserve Backup r12.0 Windows:

Apply Service Pack 1 (RO01340)

CA ARCserve Backup r11.5 Windows:

RO02398

CA ARCserve Backup r11.1 Windows:

RO02396

CA Protection Suites r2:

RO02398

How to determine if you are affected:

CA ARCserve Backup r12.0 Windows,

CA ARCserve Backup r11.5 Windows:

1. Run the ARCserve Patch Management utility. From the Windows

Start menu, it can be found under Programs->CA->ARCserve

Patch Management->Patch Status.

2. The main patch status screen will indicate if the respective

patch in the table below is currently applied. If the patch

is not applied, the installation is vulnerable.

Product Patch

CA ARCserve Backup r12.0 Windows RO01340

CA ARCserve Backup r11.5 Windows RO02398

For more information on the ARCserve Patch Management utility,

read document TEC446265.

Alternatively, use the file information below to determine if the

product installation is vulnerable.

CA ARCserve Backup r12.0 Windows,

CA ARCserve Backup r11.5 Windows,

CA ARCserve Backup r11.1 Windows:

1. Using Windows Explorer, locate the file "asdbapi.dll". By

default, the file is located in the

"C:\Program Files\CA\BrightStor ARCserve Backup" directory.

2. Right click on the file and select Properties.

3. Select the General tab.

4. If the file timestamp is earlier than indicated in the table

below, the installation is vulnerable.

Product version: CA ARCserve Backup r11.1 Windows

File Name: asdbapi.dll

File Size: 856064 bytes

Timestamp: 09/05/2008 10:35:19

Product version: CA ARCserve Backup r11.5 Windows*

File Name: asdbapi.dll

File Size: 1249354 bytes

Timestamp: 09/05/2008 11:14:04

Product version: CA ARCserve Backup r12.0 Windows

File Name: asdbapi.dll

File Size: 992520 bytes

Timestamp: 08/09/2008 4:51:58

*CA Protection Suites r2 includes CA ARCserve Backup 11.5

Workaround: None

References (URLs may wrap):

CA Support:

http://support.ca.com/

Security Notice for CA ARCserve Backup

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1881
43

Solution Document Reference APARs:

RO01340, RO02398, RO02396

CA Security Response Blog posting:

CA ARCserve Backup Multiple Vulnerabilities

community.ca.com/blogs/casecurityresponseblog/archive/2008/10/9.aspx

Reported By:

CVE-2008-4397 - Haifei Li of Fortinet's FortiGuard Global Security

Research Team

http://www.fortiguardcenter.com/

CVE-2008-4398 - Vulnerability Research Team of Assurent Secure

Technologies, a TELUS Company

CVE-2008-4399 - Vulnerability Research Team of Assurent Secure

Technologies, a TELUS Company

http://www.assurent.com/index.php?id=17

CVE-2008-4400 - Greg Linares of eEye Digital Security

http://www.eeye.com/

CVE References:

CVE-2008-4397 - Message engine command injection

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4397

CVE-2008-4398 - Tape engine denial of service

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4398

CVE-2008-4399 - Database engine denial of service

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4399

CVE-2008-4400 - Multiple service crash

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4400

OSVDB References: Pending

http://osvdb.org/

Changelog for this advisory:

v1.0 - Initial Release

Customers who require additional information should contact CA

Technical Support at http://support.ca.com.

For technical questions or comments related to this advisory,

please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your

findings to our product security response team.

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777
82

Regards,

Ken Williams ; 0xE2941985

Director, CA Vulnerability Research

CA, 1 CA Plaza, Islandia, NY 11749

Contact http://www.ca.com/us/contact/

Legal Notice http://www.ca.com/us/legal/

Privacy Policy http://www.ca.com/us/privacy/

Copyright (c) 2008 CA. All rights reserved.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus