BugTraq
CAID 33756 - DM Deployment Common Component Vulnerabilities Jan 18 2006 03:41PM
Williams, James K (James Williams ca com)


Title: CAID 33756 - DM Deployment Common Component
Vulnerabilities

CA Vulnerability ID: 33756

Discovery Date: 2005-12-20

CA Advisory Date: 2006-01-17

Discovered By: Cengiz Aykanat (CA internal audit), and
Karma[at]DesignFolks[dot]com[dot]au.

Impact: Remote attacker can cause a denial of service condition.

Summary: The following security vulnerability issues have been
identified in the DM Primer part of the DM Deployment Common
Component being distributed with some CA products:
1) A Denial of Service (DoS) vulnerability has been identified in
the handling of unrecognized network messages, which may result
in high CPU utilization and excessive growth of the DM Primer
log file.
2) A Denial of Service (DoS) vulnerability has been identified
with the way in which DM Primer handles receipt of large rogue
network messages, which can result in DM Primer becoming
unresponsive.

Severity: Computer Associates has given this vulnerability a
Medium risk rating.

Mitigating Factors: These vulnerabilities will only be present if
you have utilized the DM Deployment mechanism (bundled with the
affected products) to deploy those products within your
enterprise environment.

Affected Technologies: Please note that the DM Primer component
is not a product, but rather a common component that is included
with multiple products. Vulnerable versions of the DM Primer
component are included in the CA products listed in the Affected
Products section below. DM Primer component versions v1.4.154
and v1.4.155 are vulnerable to these issues. These
vulnerabilities are not present in DM Primer v11.0 or later.

Affected Products:
- BrightStor Mobile Backup r4.0
- BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1,
r11.1 SP1
- Unicenter Remote Control 6.0, 6.0 SP1
- CA Desktop Protection Suite r2
- CA Server Protection Suite r2
- CA Business Protection Suite r2
- CA Business Protection Suite for Microsoft Small Business
Server Standard Edition r2
- CA Business Protection Suite for Microsoft Small Business
Server Premium Edition r2
- CA Business Protection Suite for Midsize Business for Windows
r2

Affected platforms:
Windows

Platforms NOT affected:
This version of DM Primer is not supported on any other
platforms.

Status and Recommendation:
Since this version of DM Primer is only utilized for the initial
installation of the products, the above vulnerabilities can be
addressed by simply removing the DM Primer Service after
deployment. To remove the DM Primer component follow the
instructions below:

dmprimer remove -f:

will force the removal of a local DM Primer service,

dmsweep -a1:remotecomp -dp:force

will force the removal of the DM Primer service from a remote
computer called remotecomp.

The dmsweep command will be available on the DM Deployment
machine (usually the host for the product manager with which it
was bundled). It can take a machine name, an ip address, or a
range of ip addresses. Some examples are:

dmsweep -a1:192.168.0.* -dp:force

will forcibly remove DM Primer from all machines on the
192.168.0.* subnet

dmsweep -a1:192.168.0.1 -a2:192.168.0.100 -dp:force

will forcibly remove DM Primer from all machines in the range
192.168.0.1-192.168.0.100

dmsweep -a1:192.168.0.1 -a2:192.168.0.100 -dp:force

will forcibly remove DM Primer from all machines in the range
192.168.0.1-192.168.0.100

Please refer to the FAQ for answers to commonly asked
questions.
http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity-faq

s.asp

References:
(note that URLs may wrap)
DM Deployment Common Component Security Notice
http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity_not

ice.asp

Frequently Asked Questions (FAQ) related to this security update
http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity-faq

s.asp

CA Security Advisor site advisory
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33756

CVE Reference: Pending
http://cve.mitre.org

OSVDB Reference: Pending
http://osvdb.org

Error Handling in DM Primer
http://www.designfolks.com.au/karma/DMPrimer/

Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory,
please send email to vuln (at) ca (dot) com [email concealed], or contact me directly.

If you discover a vulnerability in CA products, please report
your findings to vuln (at) ca (dot) com [email concealed], or utilize our "Submit a
Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx

Regards,
Ken Williams ; 0xE2941985
Dir. Vuln Research
CA Vulnerability Research Team

CA, One Computer Associates Plaza. Islandia, NY 11749

Contact http://www3.ca.com/contact/
Legal Notice http://ca.com/calegal.htm
Privacy Policy http://www.ca.com/caprivacy.htm
Copyright 2006 CA. All rights reserved.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus