CA BrightStor Hierarchical Storage Manager CsAgent
Security Notice

Last Updated: September 26, 2007

CA's technical support is alerting customers to security risks in BrightStor Hierarchical Storage Manager. Multiple vulnerabilities exist in the CsAgent service that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities.

The first set of vulnerabilities, CVE-2007-5082, occur due to insufficient bounds checking with multiple CsAgent service commands.

The second set of vulnerabilities, CVE-2007-5083, occur due to insufficient validation of integer values with multiple CsAgent service commands, which can lead to buffer overflow.

The third set of vulnerabilities, CVE-2007-5084, occur due to insufficient validation of strings used in SQL statements in multiple CsAgent service commands.

An attacker can potentially execute arbitrary code and gain control of a host running Hierarchical Storage Manager.

Risk Rating


Affected Products

CA BrightStor Hierarchical Storage Manager r11.5

How to determine if the installation is affected

Run the BrightStor HSM Administrator GUI and open Help->About from the toolbar to view the version. If the version is less than 11.6, the installation is vulnerable.


CA has provided an update to address the vulnerabilities. Upgrade to BrightStor Hierarchical Storage Manager r11.6.

BrightStor Hierarchical Storage Manager r11.6:




CVE-2007-5082 - Multiple buffer overflows
CVE-2007-5083 - Multiple integer overflows
CVE-2007-5084 - Multiple SQL injection issues


CVE-2007-5082 - An anonymous researcher working with the iDefense VCP, Aaron Portnoy of DV Labs (
CVE-2007-5083 - Sean Larsson, iDefense Labs
CVE-2007-5084 - Aaron Portnoy of DV Labs (

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technical Support at

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form at

Chat with CA

Just give us some brief information and we'll connect you to the right CA ExpertCA sales representative.

Our hours of availability are 8AM - 5PM CST.

All Fields Required


We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{}} will be helping you today.

    View Profile

  • Transfered to {{}}

    {{}} joined the conversation

    {{}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1]}} has ended.
    Thank you for your interest in CA.

    Rate Your Chat Experience.


agent is typing