Vulnerability Detail

CA BrightStor Hierarchical Storage Manager CsAgent arbitrary code execution vulnerabilities

Date Discovered:
26 Sep 2007

Date Published:
27 Sep 2007

Last Updated:
27 Sep 2007

Threat Assessment

Overall Risk: Medium
Popularity: Medium
Impact: High
Simplicity: Low

Characteristics

Vulnerability ID:  35692
Discovered By:  Aaron Portnoy of DV Labs

Exploitable Locally:  No
Exploitable Remotely:  Yes

Impact:  Remote attackers can cause a denial of service condition or execute arbitrary code.

Root Cause:  Software Vulnerability

Description

CA BrightStor Hierarchical Storage Manager contains multiple vulnerabilities caused by improper validation of strings used in SQL statements in multiple CsAgent commands. Remote attackers can exploit these vulnerabilities to cause a denial of service condition or execute arbitrary code.

Recommendations



-------------------------------------------------------------------------------
For: CA BrightStor Hierarchical Storage Manager r11.5

Please upgrade to BrightStor Hierarchical Storage Manager r11.6 using the link below:

http://supportconnectw.ca.com/premium/bstorhsm/downloads/BHSMr11_6.zip

Affected Technologies

Computer Associates: CA BrightStor Hierarchical Storage Manager r11.5

References

Computer Associates: bstorhsm-secnot
Mitre CVE: CVE-2007-5084
