BugTraq
[CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities Jan 24 2007 03:54PM
Williams, James K (James Williams ca com)


Title: [CAID 34993]: CA BrightStor ARCserve Backup for Laptops and
Desktops Multiple Overflow Vulnerabilities

CA Vuln ID (CAID): 34993

CA Advisory Date: 2007-01-23

Discovered By: Next Generation Security Software

Impact: Remote attacker can cause a denial of service or execute
arbitrary code.

Summary: CA BrightStor ARCserve Backup for Laptops and Desktops
contains multiple overflow conditions that can allow a remote
attacker to cause a denial of service, or execute arbitrary code
with local SYSTEM privileges on Windows.

Mitigating Factors: None.

Severity: CA has given these vulnerability issues a High risk
rating.

Affected Products:

BrightStor Products:
BrightStor ARCserve Backup for Laptops and Desktops r11.1 SP1
BrightStor ARCserve Backup for Laptops and Desktops r11.1
BrightStor ARCserve Backup for Laptops and Desktops r11.0
BrightStor Mobile Backup r4.0

CA Protection Suites r2:
CA Desktop Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

CA Desktop Management Suite:
DMS r11.0
DMS r11.1

Affected platforms:
Microsoft Windows

Status and Recommendation:

Customers with vulnerable versions of the BrightStor ARCserve
Backup Laptops & Desktops product should upgrade to the latest
versions, which are available for download from
http://supportconnect.ca.com.

BABLD r11.1 SP2 - SP2 does not contain the vulnerability, so there
is no fix to apply.
BABLD r11.1 SP1 - QO83833
BABLD r11.0 - QI85497
DMS r11.1 - QO85401
DMS r11.0 - QI85423
BMB r4.0 - QO85402

Determining if you are affected:

Refer to the appropriate APAR for details.

References (URLs may wrap):

CA SupportConnect:
http://supportconnect.ca.com/

CA SupportConnect Security Notice for this vulnerability:
Important Security Notice for BrightStor ARCserve Backup for
Laptops & Desktops
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp

Solution Document Reference APARs:
QO83833, QI85497, QO85401, QI85423, QO85402

CA Security Advisor posting:
CA BrightStor ARCserve Backup for Laptops and Desktops Multiple
Overflow Vulnerabilities
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97696

CAID: 34993

CAID Advisory link:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34993

Discoverer: Next Generation Security Software

Next Generation Security Software advisories:
http://www.ngssoftware.com/

CVE Reference: CVE-2007-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0449

OSVDB Reference: OSVDB ID: 31593
http://osvdb.org/31593

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory,
please send email to vuln (at) ca (dot) com.

If you discover a vulnerability in CA products, please report
your findings to vuln (at) ca (dot) com, or utilize our "Submit a
Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx

Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, One CA Plaza, Islandia, NY 11749

Contact http://www3.ca.com/contact/
Legal Notice http://www3.ca.com/legal/
Privacy Policy http://www3.ca.com/privacy/
Copyright (c) 2007 CA. All rights reserved.
