BugTraq
CA Alert Notification Server Multiple Vulnerabilities Apr 04 2008 12:25PM
Williams, James K (James Williams ca com)


Title: CA Alert Notification Server Multiple Vulnerabilities

CA Advisory Date: 2008-04-03

Reported By: An anonymous researcher working with the iDefense VCP

Impact: A remote authenticated attacker can execute arbitrary code

or cause a denial of service condition.

Summary: CA Alert Notification Server service contains multiple

vulnerabilities that can allow a remote authenticated attacker to

execute arbitrary code or cause a denial of service condition. CA

has issued updates to address the vulnerabilities. The

vulnerabilities, CVE-2007-4620, are due to insufficient bounds

checking in multiple procedures. A remote authenticated attacker

or local user can exploit a buffer overflow to execute arbitrary

code or cause a denial of service.

Mitigating Factors: Remote attacker must have legitimate

authentication credentials.

Severity: CA has given these vulnerabilities a maximum risk rating

of High.

Affected Products:

CA Anti-Virus for the Enterprise 7.1

CA Threat Manager for the Enterprise (formerly eTrust Integrated

Threat Management) r8

CA Threat Manager for the Enterprise (formerly eTrust Integrated

Threat Management) r8.1

CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8

CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1

BrightStor ARCserve Backup r11.5

BrightStor ARCserve Backup r11.1

BrightStor ARCserve Backup r11 for Windows

Affected Platforms:

Windows

Status and Recommendation:

CA has provided updates to address the vulnerabilities.

CA Anti-Virus for the Enterprise 7.1, CA Anti-Virus for the

Enterprise r8: QO96079

CA Threat Manager for the Enterprise r8: QO96387

CA Anti-Virus for the Enterprise r8.1, CA Threat Manager for the

Enterprise r8.1: QO96080

BrightStor ARCserve Backup r11.5, BrightStor ARCserve Backup

r11.1: QO96079

BrightStor ARCserve Backup r11.0: Upgrade to 11.1 and apply the

latest patches.

How to determine if you are affected:

For products on Windows:

1. Using Windows Explorer, locate the file "alert.exe". By

default, the file is located in the

"C:\Program Files\CA\SharedComponents\Alert" directory.

2. Right click on the file and select Properties.

3. Select the Version tab.

4. If the file version is earlier than indicated in the below

table, the installation is vulnerable.

Product File Version

CA Anti-Virus for the Enterprise r8.1 Alert.exe 8.1.586.0

CA Threat Manager for the Enterprise 8.1 Alert.exe 8.1.586.0

CA Threat Manager for the Enterprise r8 Alert.exe 8.0.450.0

CA Anti-Virus for the Enterprise 7.1 Alert.exe 7.1.758.0

CA Anti-Virus for the Enterprise r8 Alert.exe 7.1.758.0

BrightStor ARCserve Backup r11.5 Alert.exe 7.1.758.0

BrightStor ARCserve Backup r11.1 Alert.exe 7.1.758.0

Workaround: None

References (URLs may wrap):

CA Support:

http://support.ca.com/

Security Notice for Alert Notification Server

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1731
03

Solution Document Reference APARs:

QO96079, QO96387, QO96080, QO96079

CA Security Response Blog posting:

CA Alert Notification Server Multiple Vulnerabilities

http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/
ca-alert-notification-server-multiple-vulnerabilities.aspx

Reported By:

An anonymous researcher working with the iDefense VCP

CVE References:

CVE-2007-4620

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4620

OSVDB References: Pending

http://osvdb.org/

Changelog for this advisory:

v1.0 - Initial Release

Customers who require additional information should contact CA

Technical Support at http://support.ca.com.

For technical questions or comments related to this advisory,

please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your

findings to vuln AT ca DOT com, or utilize our "Submit a

Vulnerability" form.

URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx

Regards,

Ken Williams ; 0xE2941985

Director, CA Vulnerability Research

CA, 1 CA Plaza, Islandia, NY 11749

Contact http://www.ca.com/us/contact/

Legal Notice http://www.ca.com/us/legal/

Privacy Policy http://www.ca.com/us/privacy/

Copyright (c) 2008 CA. All rights reserved.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus