[NT] ARCserveIT Storage Management Backup Account Password Disclosure
From: support@securiteam.comDate: 10/05/01
- Previous message: support@securiteam.com: "[EXPL] 3Com OfficeConnect 812/840 Router DoS Exploit Code"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Subject: [NT] ARCserveIT Storage Management Backup Account Password Disclosure Message-Id: <20011005135402.487B2138C2@mail.der-keiler.de> Date: Fri, 5 Oct 2001 15:54:02 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
ARCserveIT Storage Management Backup Account Password Disclosure
------------------------------------------------------------------------
SUMMARY
<http://www.ca.com/arcserveit/> ARCserveIT is a data protection
backup/restore application. The product suffers from a security problem
where the installation creates a world-readable file containing the backup
account username and password.
DETAILS
Vulnerable systems:
ARCserve for NT version 6.61 SP2a
ARCserve 2000 Advanced Edition version 7.0, build 1050, SP2
A file sharing security vulnerability has been found in Computer
Associates' ARCserveIT for Windows NT and 2000. By default the
installation creates a world-readable file that contains the backup
account username and password (a file called 'aremote.dmp' that resides
under ARCSERVE$\DR\<NAME of SERVER>\aremote.dmp).
The default installation of ARCserveIT for Microsoft Windows NT and 2000
also creates a hidden share ('ARCSERVE$') with share permissions that
allow the group EVERYONE to access this share.
Impact:
A remote attacker can access the shared directory and gain knowledge of
the backup account user name and password. This would be the administrator
account if the backup program is executed from the administrator account.
Solution:
Apply the following patch:
<http://support.ca.com/Download/patches/asitnt/QO00945.html>
http://support.ca.com/Download/patches/asitnt/QO00945.html
ADDITIONAL INFORMATION
The information has been provided by
<mailto:rdr@steelrat.kernelsutra.com> ron.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[EXPL] 3Com OfficeConnect 812/840 Router DoS Exploit Code"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
