SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  BrightStor ARCserve Vendors:  Computer Associates
CA BrightStor ARCserve/Enterprise Backup Agents Buffer Overflow Lets Remote Users Gain System Privileges
SecurityTracker Alert ID:  1014611
SecurityTracker URL:  http://securitytracker.com/id?1014611
CVE Reference:  CAN-2005-1272   (Links to External Site)
Updated:  Aug 9 2005
Original Entry Date:  Aug 2 2005
Impact:  Denial of service via network, Execution of arbitrary code via network, Root access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Advisory:  Computer Associates Advisory
Version(s): 9.01, 10, 10.5, 11.0, 11.1
Description:  Computer Associates reported a vulnerability in BrightStor ARCserve/Enterprise Backup Agents. A remote user can execute arbitrray code on the target system.

The agent software does not properly validate user-supplied input. A remote user can send a specially crafted packet that is longer than 3168 bytes to port 6070 on the target system to trigger a buffer overflow. This may cause a denial of service condition or may cause arbitrary code to be executed with System privileges.

The following specific versions are affected.

BrightStor ARCserve Backup r11.1:
- BrightStor ARCserve Backup r11.1 Agent for SQL for Windows
- BrightStor ARCserve Backup r11.1 Agent for Oracle for Windows
- BrightStor ARCserve Backup r11.1 Agent for SAP R/3 for Windows
- BrightStor ARCserve Backup r11.1 Agent for Microsoft Exchange Premium Add-on for Windows

BrightStor ARCserve Backup r11.0:
- BrightStor ARCserve Backup Release 11 Agent for SQL for Windows
- BrightStor ARCserve Backup Release 11 Agent for Oracle for Windows
- BrightStor ARCserve Backup Release 11 Agent for SAP R/3 for Windows
- BrightStor ARCserve Backup Release 11 Agent for Microsoft Exchange Premium Add-on for Windows

BrightStor ARCserve Backup v9.01
- BrightStor ARCserve Backup Version 9 Agent for SQL for Windows
- BrightStor ARCserve Backup Version 9 Agent for Oracle for Windows
- BrightStor ARCserve Backup Version 9 Agent for SAP R/3 for Windows

BrightStor Enterprise Backup 10.5
- BrightStor Enterprise Backup v10.5 Agent for SQL for Windows
- BrightStor Enterprise Backup v10.5 Agent for Oracle for Windows
- BrightStor Enterprise Backup v10.5 Serverless Backup Agent for Oracle for Windows
- BrightStor Enterprise Backup v10.5 Agent for Oracle for EMC Timefinder for Windows
- BrightStor Enterprise Backup v10.5 Agent for SAP R/3 for NT/2000

BrightStor Enterprise Backup 10
- BrightStor Enterprise Backup Agent for SQL for Windows
- BrightStor Enterprise Backup Agent for Oracle for Windows
- BrightStor Enterprise Backup Agent for SAP R/3 for Oracle and SQL on Windows
- BrightStor Enterprise Backup Agent for Oracle for EMC Timefinder for Windows
- BrightStor Enterprise Backup Serverless Backup Agent for Oracle for Windows

The vendor was notified on April 25, 2005.

The vendor credits iDEFENSE with discovering this vulnerability.
Impact:  A remote user can cause denial of service conditions.

A remote user can execute arbitrary code with System level privileges.
Solution:  The vendor has issued the following fixes.

BrightStor ARCserve Backup r11.1 for Windows:

http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71010

BrightStor ARCserve Backup r11.0 for Windows:

http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70769&startsearch=1

BrightStor ARCserve Backup v9.01 for Windows:

http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70770&startsearch=1

BrightStor Enterprise Backup v10.5 for Windows:

http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70774&startsearch=1

BrightStor Enterprise Backup v10.0 for Windows:

http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70773&startsearch=1

The vendor reports that the original patch for BrightStor ARCserve Backup r11.1 Agent for Windows (QO70767) did not fully correct the vulnerability. The URL listed above is for the updated patch (QO71010).
Vendor URL:  www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33239 (Links to External Site)
Cause:  Boundary error
Underlying OS:  Windows (Any)
Reported By:  "Williams, James K" <James.Williams@ca.com>
Message History:   None.

 Source Message Contents
Date:  Tue, 2 Aug 2005 15:00:36 -0400
From:  "Williams, James K" <James.Williams@ca.com>
Subject:  CAID 33239 - Computer Associates BrightStor ARCserve/Enterprise Backup Agents buffer overflow vulnerability

 
Title: Computer Associates BrightStor ARCserve/Enterprise Backup 
Agents buffer overflow vulnerability
 
CA Vulnerability ID: 33239
 
Discovery Date: 2005/04/25
 
Disclosure Date: 2005/08/02
 
Discovered By: iDEFENSE
 
Impact: A remote attacker can execute arbitrary code with SYSTEM 
privileges.
 
Summary: Computer Associates BrightStor ARCserve Backup and 
BrightStor Enterprise Backup Agents for Windows contain a 
stack-based buffer overflow vulnerability. The vulnerability may 
allow remote attackers to execute arbitrary code with SYSTEM 
privileges, or cause a denial of service condition. The buffer 
overflow is the result of improper bounds checking performed on 
data sent to port 6070. 
 
Severity: Computer Associates has given this vulnerability a 
High risk rating.
 
Affected Technologies: This vulnerability exists in the 
following BrightStor ARCserve Backup and BrightStor Enterprise 
Backup application agents:
 
BrightStor ARCserve Backup r11.1:
- BrightStor ARCserve Backup r11.1 Agent for SQL for Windows
- BrightStor ARCserve Backup r11.1 Agent for Oracle for Windows
- BrightStor ARCserve Backup r11.1 Agent for SAP R/3 for Windows
- BrightStor ARCserve Backup r11.1 Agent for Microsoft Exchange 
  Premium Add-on for Windows
 
BrightStor ARCserve Backup r11.0:
- BrightStor ARCserve Backup Release 11 Agent for SQL for Windows
- BrightStor ARCserve Backup Release 11 Agent for Oracle for 
  Windows
- BrightStor ARCserve Backup Release 11 Agent for SAP R/3 for 
  Windows
- BrightStor ARCserve Backup Release 11 Agent for Microsoft 
  Exchange Premium Add-on for Windows
 
BrightStor ARCserve Backup v9.01
- BrightStor ARCserve Backup Version 9 Agent for SQL for Windows
- BrightStor ARCserve Backup Version 9 Agent for Oracle for 
  Windows 
- BrightStor ARCserve Backup Version 9 Agent for SAP R/3 for 
  Windows 
 
BrightStor Enterprise Backup 10.5
- BrightStor Enterprise Backup v10.5 Agent for SQL for Windows
- BrightStor Enterprise Backup v10.5 Agent for Oracle for 
  Windows
- BrightStor Enterprise Backup v10.5 Serverless Backup Agent for 
  Oracle for Windows
- BrightStor Enterprise Backup v10.5 Agent for Oracle for EMC 
  Timefinder for Windows
- BrightStor Enterprise Backup v10.5 Agent for SAP R/3 for 
  NT/2000
 
BrightStor Enterprise Backup 10
- BrightStor Enterprise Backup Agent for SQL for Windows
- BrightStor Enterprise Backup Agent for Oracle for Windows
- BrightStor Enterprise Backup Agent for SAP R/3 for Oracle and 
  SQL on Windows
- BrightStor Enterprise Backup Agent for Oracle for EMC 
  Timefinder for Windows
- BrightStor Enterprise Backup Serverless Backup Agent for 
  Oracle for Windows
 
Status: Security updates that completely remediate this 
vulnerability issue are available for all affected products.
 
Recommendation (note that URLs may wrap): 
Apply the appropriate security update(s).
BrightStor ARCserve Backup r11.1 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70767&
startsearch=1
BrightStor ARCserve Backup r11.0 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70769&
startsearch=1
BrightStor ARCserve Backup v9.01 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70770&
startsearch=1
BrightStor Enterprise Backup v10.5 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70774&
startsearch=1
BrightStor Enterprise Backup v10.0 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70773&
startsearch=1
 
CVE Reference: Pending
 
OSVDB Reference: Pending
 
Advisory URLs (note that URLs may wrap): 
 
CA Security Advisor site
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33239
 
E-News: BrightStor Storage Newsletter v05.11 August 2nd, 2005
http://supportconnectw.ca.com/public/enews/BrightStor/brig080205.asp
 
 
Should you require additional information, please contact CA 
Technical Support at http://supportconnect.ca.com.
 
 
Respectfully,
 
Ken Williams ; Dir. Vuln Research 
Computer Associates ; 0xE2941985
 
 
Computer Associates International, Inc. (CA). 
One Computer Associates Plaza. Islandia, NY 11749
	
Contact Us http://ca.com/catalk.htm
Legal Notice http://ca.com/calegal.htm
Privacy Policy http://ca.com
Copyright 2005 Computer Associates International, Inc.
All rights reserved


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2005, SecurityGlobal.net LLC