Vulnerability Detail

CA BrightStor Hierarchical Storage Manager CsAgent arbitrary code execution vulnerabilities

Date Discovered:
26 Sep 2007

Date Published:
27 Sep 2007

Last Updated:
27 Sep 2007

Threat Assessment

Overall Risk: Medium

Popularity : Medium

Impact: High

Simplicity: Low

Characteristics

Vulnerability ID: 35690
Discovered By: iDefense VCP, Aaron Portnoy of DV Labs

Exploitable Locally: No
Exploitable Remotely: Yes

Impact: Remote attackers can cause a denial of service condition or execute arbitrary code.

Root Cause: Software Vulnerability

Description

Recommendations

Affected Technologies

References

Description

CA Hierarchical storage manager contains multiple vulnerabilities that can allow remote attackers to cause a denial of service condition or execute arbitrary code. These vulnerabilities are due to insufficient bounds checking on multiple CsAgent service commands. Attackers can exploit these vulnerabilities to cause a denial of service condition or execute arbitrary code.

Recommendations

-------------------------------------------------------------------------------
For: CA BrightStor Hierarchical Storage Manager r11.5

Please upgrade to BrightStor Hierarchical Storage Manager r11.6 using the below link:

http://supportconnectw.ca.com/premium/bstorhsm/downloads/BHSMr11_6.zip

Affected Technologies

Computer Associates: CA BrightStor Hierarchical Storage Manager r11.5

References

Computer Associates: bstorhsm-secnot
Mitre CVE: CVE-2007-5082

CA Global Security Advisor

Current threat condition: Low

Documents and Tools

Find Threats

Viruses Spyware
Vulnerabilities All

Page Tools