
Vulnerability Detail

CA ARCserve Backup for Laptops and Desktops rxRPC.dll arbitrary code execution vulnerability

Date Discovered:
21 Sep 2007

Date Published:
21 Sep 2007

Last Updated:
26 Jun 2008

Threat Assessment

Overall Risk: Medium
Popularity: Medium
Impact: High
Simplicity: Low

Characteristics

Vulnerability ID:  35676
Discovered By:  eEye Digital Security

Exploitable Locally:  No
Exploitable Remotely:  Yes

Impact:  A remote attacker can execute arbitrary code.

Root Cause:  Software Vulnerability

 

Description

CA BrightStor ARCserve Backup for Laptops and Desktops contains a vulnerability that can allow a remote attacker to execute arbitrary code. The vulnerability is due to insufficient verification of file uploads by rxRPC.dll.


Recommendations



-------------------------------------------------------------------------------
For: CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.0, CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.1, CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.1 SP1 x86 32 EN, CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.1 SP2, CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.5, CA BrightStor Mobile Backup - AdminGui 4, CA Desktop Management Suite r11 (build 11.0.8049) x86 32, CA Desktop Management Suite r11.2.2.4331, CA Protection Suites - Protection Suite Server r2 x86 32, CA Unicenter DMS Manager - Backup Manager r11.1 (build 11.1.8124) x86 32

Download and apply the respective patches from the link below:



http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp


Affected Technologies

Computer Associates: CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.0
Computer Associates: CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.1
Computer Associates: CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.1 SP1 x86 32 EN
Computer Associates: CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.1 SP2
Computer Associates: CA BrightStor ARCserve Backup for Laptops & Desktops - Server r11.5
Computer Associates: CA BrightStor Mobile Backup - AdminGui 4
Computer Associates: CA Desktop Management Suite r11 (build 11.0.8049) x86 32
Computer Associates: CA Desktop Management Suite r11.2.2.4331
Computer Associates: CA Protection Suites - Protection Suite Server r2 x86 32
Computer Associates: CA Unicenter DMS Manager - Backup Manager r11.1 (build 11.1.8124) x86 32


References

Computer Associates: caarcservebld
Mitre CVE: CVE-2007-5005

