[NT] ARCserveIT Storage Management Backup Account Password Disclosure

From: support@securiteam.com
Date: 10/05/01


From: support@securiteam.com
To: list@securiteam.com
Subject: [NT] ARCserveIT Storage Management Backup Account Password Disclosure
Message-Id: <20011005135402.487B2138C2@mail.der-keiler.de>
Date: Fri,  5 Oct 2001 15:54:02 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  ARCserveIT Storage Management Backup Account Password Disclosure
------------------------------------------------------------------------

SUMMARY

 <http://www.ca.com/arcserveit/> ARCserveIT is a data protection
backup/restore application. The product suffers from a security problem
where the installation creates a world-readable file containing the backup
account username and password.

DETAILS

Vulnerable systems:
ARCserve for NT version 6.61 SP2a
ARCserve 2000 Advanced Edition version 7.0, build 1050, SP2

A file sharing security vulnerability has been found in Computer
Associates' ARCserveIT for Windows NT and 2000. By default the
installation creates a world-readable file that contains the backup
account username and password (a file called 'aremote.dmp' that resides
under ARCSERVE$\DR\<NAME of SERVER>\aremote.dmp).

The default installation of ARCserveIT for Microsoft Windows NT and 2000
also creates a hidden share ('ARCSERVE$') with share permissions that
allow the group EVERYONE to access this share.

Impact:
A remote attacker can access the shared directory and gain knowledge of
the backup account user name and password. This would be the administrator
account if the backup program is executed from the administrator account.

Solution:
Apply the following patch:
<http://support.ca.com/Download/patches/asitnt/QO00945.html>
http://support.ca.com/Download/patches/asitnt/QO00945.html

ADDITIONAL INFORMATION

The information has been provided by
<mailto:rdr@steelrat.kernelsutra.com> ron.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.



Relevant Pages

  • Risks Digest 25.73
    ... German electronic health card system failure ... Risks of the Cloud: Liquid Motors ... Oakland 2010, IEEE Symposium on Security and Privacy, CFP ... A friend's facebook account was hacked recently (a neat little short-term ...
    (comp.risks)
  • Re: MBSA, Office Update, Versions, Failures
    ... I apologize for posting this to three groups (MBSA, Windows Update, ... with Domain User account. ... Microsoft Baseline Security Advisor (? ... Office 2000 Security Patches - Red X's, ...
    (microsoft.public.officeupdate)
  • Re: write with cURL
    ... you can stop making excuses. ... up an account for you, process the billing, etc. ... possible features from a web site to make up for the security issues. ... Nothing you have told me shows me you know how to lock down a server ...
    (alt.php)
  • Re: Basic Authentication fails with Error 401.2 where Integrated s
    ... On the IIS directory security tab, anonymous access is disabled, digest ... authentication is disabled, integrated authentication is disabled and basic ... account created has full permissions for the folder and the file that's in it. ...
    (microsoft.public.inetserver.iis.security)
  • [NEWS] Vulnerability Enables Passport Account Hijackings (No Secret Question)
    ... Beyond Security in Canada ... to promote the most advanced vulnerability assessment solutions today. ... A newly disclosed vulnerability could enable attackers to reset the ... who needs to reset his account password can be manipulated by attackers on ...
    (Securiteam)