Security Notice for CA products running the Alert service - CA Technologies
{{search ? 'Close':'Search'}}

Security Notice for CA products running the Alert service

Issued: July 17th, 2007
Updated: April 10th, 2009

CA's customer support is alerting customers to security risks in CA products that implement the Alert service. Multiple vulnerabilities exist that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued an update to address the vulnerabilities.

The vulnerabilities, CVE-2007-3825, are due to insufficient bounds checking on received data by certain RPC procedures. An attacker can cause a buffer overflow, which can lead to arbitrary code execution or service failure.

Risk Rating

High

Affected Products

CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8
CA Protection Suites r3
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows
BrightStor Enterprise Backup r10.5
BrightStor ARCserve Backup v9.01

How to determine if the installation is affected

For products on Windows:

  1. Using Windows Explorer, locate the file "alert.exe". By default, the file is located in the "C:Program FilesCASharedComponentsAlert" directory.

  2. Right click on the file and select Properties.

  3. Select the Version tab.

  4. If the file version is earlier than indicated in the below table, the installation is vulnerable.

    ProductFile NameFile Version
    CA Threat Manager for the Enterprise, CA Anti-Virus for the Enterprisealert.exe8.0.255.0
    BrightStor ARCserve Backup r11.5, BrightStor ARCserve Backup r11.1alert.exe7.1.758.0

Solution

This security notice has been superseded by the following notice:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103

CA has provided an update to address the vulnerabilities. The updated Alert service must be manually installed.

For CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8, CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8, CA Protection Suites r3: apply QO89817.

For ARCserve Backup and Enterprise Backup, apply Q096079.

Workaround

As a temporary workaround, disable the Alert Notification Server service. Please note that the following alert functionality will be disabled:

  • Email, Printer, SNMP, SMTP, and broadcast alerts

  • Any configured alerts

  • Alerts configured for reports and Server Admin

References

CVE-2007-3825 Multiple Alert buffer overflows

Acknowledgement

CVE-2007-3825 - An anonymous researcher working with the iDefense VCP.

Change History

Version 1.0: Initial Release
Version 1.1: Added CA Anti-Virus for the Enterprise to Affected Products
Version 1.2: Removed BrightStor ARCserve Client agent for Windows from Affected Products
Version 1.3: Changed solution information for BrightStor ARCserve Backup
Version 1.4: Updated ARCserve Backup and Enterprise Backup solution information
Version 1.5: Added ARCserve Backup file version and supersedes information

If additional information is required, please contact CA Technical Support at http://support.ca.com.

If you discover a vulnerability in CA products, please report your findings to our product security response team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782

Chat with CA

Just give us some brief information and we'll connect you to the right CA Expert.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    How Did We Do?
    Let us know how we did so that we can maintain a quality experience.

    Take Our Survey >

    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing