View my documents ()
 Home > Support > Global Security Advisor 

Vulnerability Detail

CA BrightStor ARCserve Backup RPC Server service (catirpc.exe) denial of service vulnerability

Date Discovered:
9 Feb 2007

Date Published:
12 Feb 2007

Last Updated:
3 Apr 2007

Threat Assessment

Overall Risk:  Medium
Popularity : Medium
Impact:  High
Simplicity:  Medium

Characteristics

Vulnerability ID:  35058
Discovered By:  Anonymous

Exploitable Locally:  No
Exploitable Remotely:  Yes

Impact:  A remote attacker can cause a denial of service condition.

Root Cause:  Software Vulnerability

Description
Recommendations
Affected Technologies
References
 

Description

CA BrightStor ARCserve Backup contains a vulnerability that can allow a remote attacker to cause a denial of service condition. The vulnerability is due to improper handling of invalid parameters by the portmapper service. An attacker can send a specially malformed request to cause a denial of service condition.

Back to top

Recommendations



-------------------------------------------------------------------------------
For: CA Brightstor ARCserve Backup Client Agent v9.01 for Windows, CA BrightStor ARCserve Backup for Windows r11, CA BrightStor ARCserve Backup for Windows r11.1, CA BrightStor ARCserve Backup for Windows r11.5, CA Brightstor Enterprise Backup v10.5 for Windows, CA Protection Suites - Protection Suite Server r2 x86 32

Please download and apply the Fixes from the following link:

http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp

-------------------------------------------------------------------------------
For: CA Brightstor ARCserve Backup Client Agent v9.01 for Windows, CA BrightStor ARCserve Backup for Windows r11, CA BrightStor ARCserve Backup for Windows r11.1, CA BrightStor ARCserve Backup for Windows r11.5, CA Brightstor Enterprise Backup v10.5 for Windows, CA Protection Suites - Protection Suite Server r2 x86 32

Please restrict unauthorized access to ports 6502 (TCP) and 111 (UDP).

Back to top

Affected Technologies

Computer Associates: BrightStor ARCserve Backup v9.01 Client Agent for Windows
Computer Associates: CA BrightStor ARCserve Backup for Windows r11
Computer Associates: CA BrightStor ARCserve Backup for Windows r11.1
Computer Associates: CA BrightStor ARCserve Backup for Windows r11.5
Computer Associates: CA Brightstor Enterprise Backup v10.5 for Windows
Computer Associates: CA Protection Suites - Protection Suite Server r2 x86 32

Back to top

References

CA: babtapeng-security
Mitre CVE: CVE-2007-0816

Back to top

CA Global Security Advisor

Current threat condition: Low
Low
Documents and Tools
Find Threats
Viruses Spyware
Vulnerabilities All
 
 
Page Tools
ShareShare