BugTraq
[CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities Sep 21 2007 06:46PM
Williams, James K (James Williams ca com)


Title: [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve

Backup for Laptops and Desktops Multiple Server Vulnerabilities

CA Vuln ID (CAID): 35673, 35674, 35675, 35676, 35677

CA Advisory Date: 2007-09-20

Reported By: Sean Larsson (VeriSign iDefense Labs)

anonymous researcher working with the iDefense VCP

eEye Digital Security

Impact: A remote attacker can execute arbitrary code or cause a

denial of service condition.

Summary: CA ARCserve Backup for Laptops and Desktops contains

multiple vulnerabilities that can allow a remote attacker to cause

a denial of service condition or execute arbitrary code. The first

set of vulnerabilities, CVE-2007-3216, occur due to insufficient

bounds checking on multiple command arguments by the LGServer

service. The second set of vulnerabilities, CVE-2007-5003, occur

due to insufficient bounds checking on rxrLogin authentication

credentials and on a username by the GetUserInfo() function. The

third vulnerability, CVE-2007-5004, occurs due to insufficient

verification of an integer value used during authentication, which

can lead to integer overflow. The fourth vulnerability,

CVE-2007-5005, occurs due to insufficient verification of file

uploads by the NetBackup service. The fifth vulnerability,

CVE-2007-5006, occurs due to insufficient verification of

authorization credentials, which can enable an attacker to bypass

authentication.

Mitigating Factors:

These issues can only be exploited on a server installation of CA

ARCserve Backup for Laptops and Desktops. The client installation

is not affected.

Severity: CA has given these vulnerabilities a maximum risk rating

of High.

Affected Products:

CA ARCserve Backup for Laptops and Desktops r11.5

CA ARCserve Backup for Laptops and Desktops r11.1 SP2

CA ARCserve Backup for Laptops and Desktops r11.1 SP1

CA ARCserve Backup for Laptops and Desktops r11.1

CA ARCserve Backup for Laptops and Desktops r11.0

CA ARCserve Backup for Laptops and Desktops r4.0

CA Desktop Management Suite 11.2

CA Desktop Management Suite 11.1

CA Desktop Management Suite 11.0

CA Protection Suites r2

Affected Platforms:

Windows

Status and Recommendation:

CA has provided updates to address the vulnerabilities.

CA ARCserve Backup for Laptops and Desktops (BMB) r4.0:

Apply QO91013.

CA ARCserve Backup for Laptops and Desktops 11.1:

Apply QO91014.

CA Desktop Management Suite 11.1:

Apply QO91016.

CA Desktop Management Suite 11.2 English:

Apply QO91110.

CA ARCserve Backup for Laptops and Desktops 11.5:

Apply QO91015.

CA Desktop Management Suite 11.2 localized:

Apply QO91111.

How to determine if you are affected:

For Windows:

1. Using Windows Explorer, locate the file "rxRPC.dll". The file

can be found in the following default locations:

Products \ Directory Paths

--------------------------

CA ARCserve Backup for Laptops and Desktops 11.5

C:\Program Files\CA\BrightStor ARCserve Backup for Laptops &

Desktops\Explorer

CA ARCserve Backup for Laptops and Desktops 11.1

C:\Program Files\CA\BrightStor ARCserve Backup for Laptops &

Desktops\server

CA ARCserve Backup for Laptops and Desktops (BMB) r4.0

C:\Program Files\CA\BrightStor Mobile Backup\Server

CA Desktop Management Suite 11.2 English

C:\Program Files\CA\DSM\BABLD\MGUI

CA Desktop Management Suite 11.2 localized

C:\Program Files\CA\DSM\BABLD\MGUI

CA Desktop Management Suite 11.1

C:\Program Files\CA\Unicenter DSM\BABLD\Manager

2. Right click on the file and select Properties.

3. Select the General tab.

4. If the file date is earlier than indicated in the table below,

the installation is vulnerable.

Product \ File Name \ File Date / Size

----------------------------------------

CA ARCserve Backup for Laptops and Desktops 11.5

rxRPC.dll

June 25 2007 / 135168 bytes

CA ARCserve Backup for Laptops and Desktops 11.1

rxRPC.dll

June 20 2007 / 114688 bytes

CA ARCserve Backup for Laptops and Desktops (BMB) r4.0

rxRPC.dll

June 18 2007 / 106496 bytes

CA Desktop Management Suite 11.2 English

rxRPC.dll

June 25 2007 / 126976 bytes

CA Desktop Management Suite 11.2 localized

rxRPC.dll

July 03 2007 / 135168 bytes

CA Desktop Management Suite 11.1

rxRPC.dll

July 03 2007 / 122880 bytes

Workaround: None

References (URLs may wrap):

CA SupportConnect:

http://supportconnect.ca.com/

CA ARCserve Backup for Laptops and Desktops Server Security Notice

http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcserveb
ld-securitynotice.asp

Solution Document Reference APARs:

QO91013, QO91014, QO91016, QO91110, QO91015, QO91111

CA Security Advisor posting:

CA ARCserve Backup for Laptops and Desktops Multiple Server

Vulnerabilities

http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006

CA Vuln ID (CAID): 35673, 35674, 35675, 35676, 35677

http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35673

http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674

http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35675

http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35676

http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35677

Reported By: Sean Larsson (VeriSign iDefense Labs)

anonymous researcher working with the iDefense VCP

eEye Digital Security

iDefense advisory:

http://labs.idefense.com/intelligence/vulnerabilities/

eEye advisory:

Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops

http://research.eeye.com/html/advisories/published/AD20070920.html

CVE References:

CVE-2007-3216, CVE-2007-5003, CVE-2007-5004, CVE-2007-5005,

CVE-2007-5006

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3216

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5003

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5004

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5005

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5006

OSVDB References: Pending

http://osvdb.org/

Changelog for this advisory:

v1.0 - Initial Release

Customers who require additional information should contact CA

Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory,

please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your

findings to vuln AT ca DOT com, or utilize our "Submit a

Vulnerability" form.

URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx

Regards,

Ken Williams ; 0xE2941985

Director, CA Vulnerability Research

CA, 1 CA Plaza, Islandia, NY 11749

Contact http://www.ca.com/us/contact/

Legal Notice http://www.ca.com/us/legal/

Privacy Policy http://www.ca.com/us/privacy/

Copyright (c) 2007 CA. All rights reserved.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus