[Full-disclosure] CAID 33239 - Computer Associates BrightStor ARCserve/Enterprise Backup Agents buffer overflow vulnerability

From: Williams, James K (James.Williams_at_ca.com)
Date: 08/02/05

  • Next message: phrackstaff_at_phrack.org: "[Full-disclosure] Phrack #63 release is OUT"
    Date: Tue, 2 Aug 2005 15:09:58 -0400
    To: <full-disclosure@lists.grok.org.uk>
    
    

    Title: Computer Associates BrightStor ARCserve/Enterprise Backup
    Agents buffer overflow vulnerability

    CA Vulnerability ID: 33239

    Discovery Date: 2005-04-25

    Disclosure Date: 2005-08-02

    Discovered By: iDEFENSE

    Impact: A remote attacker can execute arbitrary code with SYSTEM
    privileges.

    Summary: Computer Associates BrightStor ARCserve Backup and
    BrightStor Enterprise Backup Agents for Windows contain a
    stack-based buffer overflow vulnerability. The vulnerability may
    allow remote attackers to execute arbitrary code with SYSTEM
    privileges, or cause a denial of service condition. The buffer
    overflow is the result of improper bounds checking performed on
    data sent to port 6070.

    Severity: Computer Associates has given this vulnerability a
    High risk rating.

    Affected Technologies: This vulnerability exists in the
    following BrightStor ARCserve Backup and BrightStor Enterprise
    Backup application agents:

    BrightStor ARCserve Backup r11.1:
    - BrightStor ARCserve Backup r11.1 Agent for SQL for Windows
    - BrightStor ARCserve Backup r11.1 Agent for Oracle for Windows
    - BrightStor ARCserve Backup r11.1 Agent for SAP R/3 for Windows
    - BrightStor ARCserve Backup r11.1 Agent for Microsoft Exchange
      Premium Add-on for Windows

    BrightStor ARCserve Backup r11.0:
    - BrightStor ARCserve Backup Release 11 Agent for SQL for Windows
    - BrightStor ARCserve Backup Release 11 Agent for Oracle for
      Windows
    - BrightStor ARCserve Backup Release 11 Agent for SAP R/3 for
      Windows
    - BrightStor ARCserve Backup Release 11 Agent for Microsoft
      Exchange Premium Add-on for Windows

    BrightStor ARCserve Backup v9.01
    - BrightStor ARCserve Backup Version 9 Agent for SQL for Windows
    - BrightStor ARCserve Backup Version 9 Agent for Oracle for
      Windows
    - BrightStor ARCserve Backup Version 9 Agent for SAP R/3 for
      Windows

    BrightStor Enterprise Backup 10.5
    - BrightStor Enterprise Backup v10.5 Agent for SQL for Windows
    - BrightStor Enterprise Backup v10.5 Agent for Oracle for
      Windows
    - BrightStor Enterprise Backup v10.5 Serverless Backup Agent for
      Oracle for Windows
    - BrightStor Enterprise Backup v10.5 Agent for Oracle for EMC
      Timefinder for Windows
    - BrightStor Enterprise Backup v10.5 Agent for SAP R/3 for
      NT/2000

    BrightStor Enterprise Backup 10
    - BrightStor Enterprise Backup Agent for SQL for Windows
    - BrightStor Enterprise Backup Agent for Oracle for Windows
    - BrightStor Enterprise Backup Agent for SAP R/3 for Oracle and
      SQL on Windows
    - BrightStor Enterprise Backup Agent for Oracle for EMC
      Timefinder for Windows
    - BrightStor Enterprise Backup Serverless Backup Agent for
      Oracle for Windows

    Status: Security updates that completely remediate this
    vulnerability issue are available for all affected products.

    Recommendation (note that URLs may wrap):
    Apply the appropriate security update(s).
    BrightStor ARCserve Backup r11.1 for Windows:
    http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70767&
    startsearch=1
    BrightStor ARCserve Backup r11.0 for Windows:
    http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70769&
    startsearch=1
    BrightStor ARCserve Backup v9.01 for Windows:
    http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70770&
    startsearch=1
    BrightStor Enterprise Backup v10.5 for Windows:
    http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70774&
    startsearch=1
    BrightStor Enterprise Backup v10.0 for Windows:
    http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70773&
    startsearch=1

    CVE Reference: Pending

    OSVDB Reference: Pending

    Advisory URLs (note that URLs may wrap):

    CA Security Advisor site
    http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33239

    E-News: BrightStor Storage Newsletter v05.11 August 2nd, 2005
    http://supportconnectw.ca.com/public/enews/BrightStor/brig080205.asp

    Should you require additional information, please contact CA
    Technical Support at http://supportconnect.ca.com.

    Respectfully,

    Ken Williams ; Dir. Vuln Research
    Computer Associates ; 0xE2941985

    Computer Associates International, Inc. (CA).
    One Computer Associates Plaza. Islandia, NY 11749
            
    Contact Us http://ca.com/catalk.htm
    Legal Notice http://ca.com/calegal.htm
    Privacy Policy http://ca.com
    Copyright 2005 Computer Associates International, Inc.
    All rights reserved
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/


  • Next message: phrackstaff_at_phrack.org: "[Full-disclosure] Phrack #63 release is OUT"

    Relevant Pages