Security Notice for Alert Notification Server - CA Technologies
{{search ? 'Close':'Search'}}

Security Notice for Alert Notification Server

Issued: April 03, 2008

CA's Technical support is alerting customers to security risks in products that use the Alert Notification Server service. Multiple vulnerabilities exist that can allow a remote authenticated attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities.

The vulnerabilities, CVE-2007-4620, are due to insufficient bounds checking in multiple procedures. A remote authenticated attacker or local user can exploit a buffer overflow to execute arbitrary code or cause a denial of service.

Risk Rating

High

Affected Products

CA Anti-Virus for the Enterprise 7.1
CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8
CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8.1
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows

How to determine if the installation is affected

For products on Windows:

  1. Using Windows Explorer, locate the file "alert.exe". By default, the file is located in the "C:Program FilesCASharedComponentsAlert" directory.
  2. Right click on the file and select Properties.
  3. Select the Version tab.
  4. If the file version is earlier than indicated in the below table, the installation is vulnerable.
Product File Version
CA Anti-Virus for the Enterprise r8.1, CA Threat Manager for the Enterprise 8.1 Alert.exe 8.1.586.0
CA Threat Manager for the Enterprise r8 Alert.exe 8.0.450.0
CA Anti-Virus for the Enterprise 7.1, CA Anti-Virus for the Enterprise r8, BrightStor ARCserve Backup r11.5, BrightStor ARCserve Backup r11.1 Alert.exe 7.1.758.0

 

Solution

CA has provided updates to address the vulnerabilities.

CA Anti-Virus for the Enterprise 7.1, CA Anti-Virus for the Enterprise r8:
QO96079

CA Threat Manager for the Enterprise r8:
QO96387

CA Anti-Virus for the Enterprise r8.1, CA Threat Manager for the Enterprise r8.1:
QO96080

BrightStor ARCserve Backup r11.5, BrightStor ARCserve Backup r11.1:
QO96079

BrightStor ARCserve Backup r11.0:
Upgrade to 11.1 and apply the latest patches.

Workaround

None

References

CVE-2007-4620 - Multiple Alert Notification Server buffer overflows

Acknowledgements

CVE-2007-4620 - An anonymous researcher working with the iDefense VCP

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technical Support at http://support.ca.com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form at http://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/contact-information-for-ca-product-vulnerability-response-team.html.

Chat with CA

Just give us some brief information and we'll connect you to the right CA Expert.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    How Did We Do?
    Let us know how we did so that we can maintain a quality experience.

    Take Our Survey >

    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing