CA ARCserve Backup Media Server
Last Updated: April 24, 2007
CA's technical support is alerting customers to multiple security risks with CA ARCserve Backup. Multiple vulnerabilities exist with the Media Server component that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.
The first vulnerability, CVE-2007-1785, addresses an issue with the processing of an object handle.
The second vulnerability, CVE-2007-2139, is due to insufficient bounds checking.
In both cases, a remote unauthenticated attacker can execute arbitrary code with escalated privileges.
CA ARCserve Backup r11.5
CA ARCserve Backup r11.1
CA ARCserve Backup r11 for Windows
BrightStor Enterprise Backup r10.5
CA ARCserve Backup v9.01
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2
How to determine if the installation is affected
Using Windows Explorer, locate the file "mediasvr.exe".
- By default, the file is located in the "C:Program FilesCABrightStor ARCserve Backup" directory.
- Right click on the file and select Properties.
- Select the General tab.
- If the file timestamp is earlier than indicated in the below table, the installation is vulnerable.
|Product Version ||File Name ||Timestamp ||File Size |
|r11.5 SP3 ||mediasvr.exe ||04/03/2007 10:07:58 ||110592 |
|r11.5 SP2 ||mediasvr.exe ||04/03/2007 10:00:04 ||106496 |
|r11.1 ||mediasvr.exe ||04/03/2007 09:55:18 ||106496 |
|r10.5 ||mediasvr.exe ||04/03/2007 09:46:26 ||106496 |
|v9.01 ||mediasvr.exe ||04/03/2007 09:51:42 ||98304 |
CA has issued the following patches to address the vulnerabilities.
CA ARCserve Backup r11.5 SP3 - QO87569
CA ARCserve Backup r11.5 SP2 - QO87570
CA ARCserve Backup r11.1 - QO87573
CA ARCserve Backup r11.0 - QI82917
BrightStor Enterprise Backup r10.5 - QO87575
CA ARCserve Backup v9.01 - QO87574
CA recommends that CA ARCserve Backup users implement the following temporary workaround to mitigate the vulnerability:
- Rename the "mediasvr.exe" file to a non-functional file name, such as "mediasvc.exe.disable".
- Then restart the CA BrightStor Tape Engine service.
CVE-2007-1785 Media Server Object Handle
CVE-2007-2139 Media Server Buffer Overflow
CA thanks ZDI for reporting issue CVE-2007-2139.
Version 1.0: Initial Release
If additional information is required, please contact CA Technical Support at https://Support.ca.com
If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form at http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx.