Security Notice for CA ARCserve Backup for Laptops and Desktops Server - CA Technologies

CA ARCserve Backup for Laptops and Desktops Server
Security Notice

Issued: September 20, 2007
Updated: July 23, 2008

CA's technical support is alerting customers to security risks in CA ARCserve Backup for Laptops and Desktops Server, CA Desktop Management Suite, and CA Protection Suites. Multiple vulnerabilities exist that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities.

The first set of vulnerabilities, CVE-2007-3216, occurs due to insufficient bounds checking on multiple command arguments by the LGServer service.

The second set of vulnerabilities, CVE-2007-5003, occurs due to insufficient bounds checking on rxrLogin authentication credentials and on a username by the GetUserInfo() function.

The third vulnerability, CVE-2007-5004, occurs due to insufficient verification of an integer value used during authentication, which can lead to integer overflow.

The fourth vulnerability, CVE-2007-5005, occurs due to insufficient verification of file uploads by rxRPC.dll.

The fifth vulnerability, CVE-2007-5006, occurs due to insufficient verification of authorization credentials, which can enable an attacker to bypass authentication.

In most cases, an attacker can potentially gain complete control of an affected installation. Additionally, only the server installation of BrightStor ARCserve Backup for Laptops and Desktops is affected. The client installation is not affected.

Risk Rating

High

Affected Products

CA ARCserve Backup for Laptops and Desktops r11.5
CA ARCserve Backup for Laptops and Desktops r11.1 SP2
CA ARCserve Backup for Laptops and Desktops r11.1 SP1
CA ARCserve Backup for Laptops and Desktops r11.1
CA ARCserve Backup for Laptops and Desktops r11.0
CA ARCserve Backup for Laptops and Desktops r4.0
CA Desktop Management Suite 11.2
CA Desktop Management Suite 11.1
CA Desktop Management Suite 11.0
CA Protection Suites r2

How to determine if the installation is affected

For Windows:

  1. Using Windows Explorer, locate the file "rxRPC.dll". The file can be found in the following default locations:

    Product                                                 | Directory Path
    CA ARCserve Backup for Laptops and Desktops 11.5        | C:\Program Files\CA\BrightStor ARCserve Backup for Laptops and Desktops\Server
    CA ARCserve Backup for Laptops and Desktops 11.1        | C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\server
    CA ARCserve Backup for Laptops and Desktops (BMB) r4.0  | C:\Program Files\CA\BrightStor Mobile Backup\Server
    CA Desktop Management Suite 11.2 English                | C:\Program Files\CA\Unicenter DSM\BABLD\Server
    CA Desktop Management Suite 11.2 localized              | C:\Program Files\CA\Unicenter DSM\BABLD\Server
    CA Desktop Management Suite 11.1                        | C:\Program Files\CA\Unicenter DSM\BABLD\Server


  2. Right click on the file and select Properties.

  3. Select the General tab.

  4. If the file date is earlier than the date given for your product in the table below, the installation is vulnerable.

    Product                                                 | File Name  | File Date / Size
    CA ARCserve Backup for Laptops and Desktops 11.5        | rxRPC.dll  | June 25 2007 / 135168 bytes
    CA ARCserve Backup for Laptops and Desktops 11.1        | rxRPC.dll  | June 20 2007 / 114688 bytes
    CA ARCserve Backup for Laptops and Desktops (BMB) r4.0  | rxRPC.dll  | June 18 2007 / 106496 bytes
    CA Desktop Management Suite 11.2 English                | rxRPC.dll  | June 25 2007 / 126976 bytes
    CA Desktop Management Suite 11.2 localized              | rxRPC.dll  | July 03 2007 / 135168 bytes
    CA Desktop Management Suite 11.1                        | rxRPC.dll  | July 03 2007 / 122880 bytes
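The manual check above can be scripted. The following PowerShell is an added example, not part of the CA advisory: it looks for rxRPC.dll at each default path listed above and compares the file against the patched date and size table. It assumes the date shown on the Explorer "General" tab corresponds to the file's LastWriteTime, and that the server component was installed to the default directory.

```powershell
# Added example, not part of the CA advisory. Checks rxRPC.dll at the advisory's
# default install paths against its patched file date/size table. Assumption:
# the Explorer "General" tab date corresponds to LastWriteTime, so that is what
# is compared. Several products share one path; read the row for your product.
$Baseline = @(
    @{ Product = 'CA ARCserve Backup for Laptops and Desktops 11.5'
       Path    = 'C:\Program Files\CA\BrightStor ARCserve Backup for Laptops and Desktops\Server\rxRPC.dll'
       Date    = [datetime]'2007-06-25'; Size = 135168 }
    @{ Product = 'CA ARCserve Backup for Laptops and Desktops 11.1'
       Path    = 'C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\server\rxRPC.dll'
       Date    = [datetime]'2007-06-20'; Size = 114688 }
    @{ Product = 'CA ARCserve Backup for Laptops and Desktops (BMB) r4.0'
       Path    = 'C:\Program Files\CA\BrightStor Mobile Backup\Server\rxRPC.dll'
       Date    = [datetime]'2007-06-18'; Size = 106496 }
    @{ Product = 'CA Desktop Management Suite 11.2 English'
       Path    = 'C:\Program Files\CA\Unicenter DSM\BABLD\Server\rxRPC.dll'
       Date    = [datetime]'2007-06-25'; Size = 126976 }
    @{ Product = 'CA Desktop Management Suite 11.2 localized'
       Path    = 'C:\Program Files\CA\Unicenter DSM\BABLD\Server\rxRPC.dll'
       Date    = [datetime]'2007-07-03'; Size = 135168 }
    @{ Product = 'CA Desktop Management Suite 11.1'
       Path    = 'C:\Program Files\CA\Unicenter DSM\BABLD\Server\rxRPC.dll'
       Date    = [datetime]'2007-07-03'; Size = 122880 }
)

function Test-RxRpcEntry {
    param([hashtable]$Entry)
    # Missing file: the server component is not installed at this default path
    # (the client-only installation is not affected by this advisory).
    if (-not (Test-Path -LiteralPath $Entry.Path)) { return $null }
    $file = Get-Item -LiteralPath $Entry.Path
    [pscustomobject]@{
        Product    = $Entry.Product
        FileDate   = $file.LastWriteTime
        FileSize   = $file.Length
        Expected   = '{0:yyyy-MM-dd} / {1} bytes' -f $Entry.Date, $Entry.Size
        # Advisory rule: a file dated earlier than the table entry is unpatched.
        Vulnerable = ($file.LastWriteTime.Date -lt $Entry.Date)
    }
}

$results = foreach ($entry in $Baseline) { Test-RxRpcEntry $entry }
if ($results) {
    $results | Format-Table -AutoSize
} else {
    'rxRPC.dll not found in any default location; check a custom install path.'
}
```

If the product was installed to a non-default directory, replace the Path values with the actual location before running the check.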

Solution

CA has provided updates to address the vulnerabilities.

CA ARCserve Backup for Laptops and Desktops (BMB) r4.0:
QO91013

CA ARCserve Backup for Laptops and Desktops 11.1:
QO91014

CA Desktop Management Suite 11.1:
QO91016

CA Desktop Management Suite 11.2 English:
QO91110

CA ARCserve Backup for Laptops and Desktops 11.5:
QO91015

CA Desktop Management Suite 11.2 localized:
QO91111

CA ARCserve Backup for Laptops and Desktops 11.0:
Upgrade to ARCserve Backup for Laptops and Desktops version 11.1 and apply the latest patches.
QI85497

CA Desktop Management Suite 11.0:
Upgrade to Desktop Management Suite version 11.1 and apply the latest patches.
QI85423

Workaround

None

References

CVE-2007-3216 - Multiple rx command buffer overflows.
CVE-2007-5003 - Authentication and GetUserInfo() buffer overflows.
CVE-2007-5004 - Authentication integer overflow.
CVE-2007-5005 - rxRPC.dll file upload.
CVE-2007-5006 - Authentication bypass.

Acknowledgements

CVE-2007-3216 - An anonymous researcher working with the iDefense VCP and eEye Digital Security
CVE-2007-5003 - Sean Larsson (VeriSign iDefense Labs), an anonymous researcher working with the iDefense VCP, and eEye Digital Security
CVE-2007-5004 - eEye Digital Security
CVE-2007-5005 - eEye Digital Security
CVE-2007-5006 - An anonymous researcher working with the iDefense VCP.

Change History

Version 1.0: Initial Release.
Version 1.1: Added solution information for CA ARCserve Backup for Laptops and Desktops 11.0 and CA Desktop Management Suite 11.0.
Version 1.2: Updated description, reference information.
Version 1.3: Updated multiple Directory Paths in the "How to determine if the installation is affected" section.

If additional information is required, please contact CA Technical Support at https://support.ca.com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form at https://www.ca.com/us/securityadvisor/vulninfo/submit.aspx.
