
Vulnerability Detail

CA ARCserve Backup for Laptops & Desktops rxrLogin, GetUserInfo() denial of service vulnerabilities

Date Discovered:
21 Sep 2007

Date Published:
21 Sep 2007

Last Updated:
21 Sep 2007

Threat Assessment

Overall Risk: Medium
Popularity: Medium
Impact: High
Simplicity: Low

Characteristics

Vulnerability ID:  35674
Discovered By:  Sean Larsson from VeriSign iDefense Labs & eEye Digital Security

Exploitable Locally:  No
Exploitable Remotely:  Yes

Impact:  Remote attackers can cause a denial of service condition or execute arbitrary code.

Root Cause:  Software Vulnerability

 

Description

CA ARCserve Backup for Laptops & Desktops contains multiple vulnerabilities that can allow remote attackers to cause a denial of service condition or execute arbitrary code. The vulnerabilities are due to improper bounds checking on rxrLogin authentication credentials and on a username handled by GetUserInfo().


Recommendations



For: CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.0, CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.1, CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.1 SP1 x86 32 EN, CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.1 SP2, CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.5, CA BrightStor Mobile Backup - AdminGui 4, CA Desktop Management Suite r11 (build 11.0.8049) x86 32, CA Desktop Management Suite r11.2, CA Protection Suites - Protection Suite Server r2 x86 32, CA Unicenter DMS Manager - Backup Manager r11.1 (build 11.1.8124) x86 32

Download and apply the respective patches from the link below:



http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp


Affected Technologies

Computer Associates: CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.0
Computer Associates: CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.1
Computer Associates: CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.1 SP1 x86 32 EN
Computer Associates: CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.1 SP2
Computer Associates: CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.5
Computer Associates: CA BrightStor Mobile Backup - AdminGui 4
Computer Associates: CA Desktop Management Suite r11 (build 11.0.8049) x86 32
Computer Associates: CA Desktop Management Suite r11.2.2.4331
Computer Associates: CA Protection Suites - Protection Suite Server r2 x86 32
Computer Associates: CA Unicenter DMS Manager - Backup Manager r11.1 (build 11.1.8124) x86 32


References

Computer Associates: caarcservebld
Mitre CVE: CVE-2007-5003


CA Global Security Advisor
