On March 15, 2007, CA published a security notice to address multiple vulnerabilities in BrightStor ARCserve Backup.
Title: [CAID 34817, 35058, 35158, 35159]: CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerabilities
CA Vuln ID (CAID): 34817, 35058, 35158, 35159
CA Advisory Date: 2007-03-15
Reported By: McAfee
Impact: Remote attackers can cause a denial of service or potentially execute arbitrary code.
Summary: CA BrightStor ARCserve Backup contains four vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability, CVE-2006-6076, is due to insufficient bounds checking in the Tape Engine, which can result in a buffer overflow and arbitrary code execution. The second vulnerability, CVE-2007-0816, is related to how invalid parameters are handled by the portmapper (catirpc.dll) service. By sending a specially crafted request, a remote attacker can crash the service. The third vulnerability, CVE-2007-1447, is due to a memory corruption issue that occurs during processing of RPC procedure arguments by the Tape Engine. The vulnerability can result in a denial of service, and can potentially be exploited to execute arbitrary code. The fourth vulnerability, CVE-2007-1448, is due to the presence of an RPC function that, when called, will disable the Tape Engine interface. A remote attacker can make a request that will effectively shut down Tape Engine functionality.
Mitigating Factors: None
Severity: CA has given these vulnerabilities a High risk rating.
Affected Products:
BrightStor Products:
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup for Windows r11
BrightStor Enterprise Backup r10.5
BrightStor ARCserve Backup v9.01
CA Protection Suites r2:
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2
Affected Platforms:
Windows
Status and Recommendation:
Customers using vulnerable versions of BrightStor ARCserve Backup should upgrade with the latest patches, which are available for download from http://supportconnect.ca.com.
BrightStor ARCserve Backup r11.5 - QO86255
BrightStor ARCserve Backup r11.1 - QO86258
BrightStor ARCserve Backup r11.0 - QI82917
BrightStor Enterprise Backup r10.5 - QO86259
BrightStor ARCserve Backup v9.01 - QO86260
How to determine if the installation is affected:
1. Using Windows Explorer, locate the files "tapeng.dll" and "catirpc.dll". By default, the files are located in the "C:\Program Files\CA\BrightStor ARCserve Backup" directory.
2. Right click on each of the files and select Properties.
3. Select the General tab.
4. If either file timestamp is earlier than what is indicated in the table below, the installation is vulnerable.
| File Name | Timestamp | File Size |
| catirpc.dll | 02/12/2007 10:55:14 | 102400 bytes |
| tapeeng.dll | 02/02/2007 17:05:00 | 876627 bytes |
Workaround:
To reduce exposure, block unauthorized access to ports 6502 (TCP) and 111 (UDP).
References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
CA SupportConnect Security Notice for this vulnerability:
Security Notice for BrightStor ARCserve Backup Tape Engine and Portmapper
http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp
Solution Document Reference APARs:
QO86255, QO86258, QI82917, QO86259, QO86260
CA Security Advisor posting:
CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerabilities
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317
CAID: 34817, 35058, 35158, 35159
CAID Advisory links:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34817
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35058
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35158
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35159
Reported By: McAfee
McAfee advisory:
http://www.mcafee.com/us/threat_center/security_advisories.html
CVE References: CVE-2006-6076, CVE-2007-0816, CVE-2007-1447, CVE-2007-1448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1448
OSVDB Reference: OSVDB-32989, OSVDB-32990, OSVDB-32991, OSVDB-30637
http://osvdb.org/32989
http://osvdb.org/32990
http://osvdb.org/32991
http://osvdb.org/30637
Changelog for this advisory:
v1.0 - Initial Release
Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx