[NEWS] CA ARCserve Backup caloggerd and xdr Functions Vulnerabilities
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 20 May 2008 08:55:07 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
CA ARCserve Backup caloggerd and xdr Functions Vulnerabilities
------------------------------------------------------------------------
SUMMARY
CA ARCserve Backup contains multiple vulnerabilities that can allow a
remote attacker to cause a denial of service or execute arbitrary code. CA
has issued patches to address the vulnerabilities. The first
vulnerability, CVE-2008-2241, is due to insufficient path verification by
the logging service, caloggerd. An attacker can append data to arbitrary
files, which can lead to system compromise. The second vulnerability,
CVE-2008-2242, is due to insufficient bounds checking by multiple xdr
functions. An attacker can cause an overflow and execute arbitrary code.
DETAILS
Vulnerable Systems:
* CA ARCserve Backup version r11.5 (formerly BrightStor ARCserve Backup
version r11.5)
* CA ARCserve Backup version r11.1 (formerly BrightStor ARCserve Backup
version r11.1)
* CA ARCserve Backup r11.0 (formerly BrightStor ARCserve Backup version
r11.0)
* CA Server Protection Suite version r2
* CA Business Protection Suite version r2
* CA Business Protection Suite for Microsoft Small Business Server
Standard Edition version r2
* CA Business Protection Suite for Microsoft Small Business Server
Premium Edition version r2
Immune Systems:
* CA ARCserve Backup version r12
* CA ARCserve Backup version r11.5 SP4
Impact:
A remote attacker can cause a denial of service or execute arbitrary code.
Status and Recommendation:
CA has issued the following patches and upgrades to address the
vulnerabilities.
CA ARCserve Backup r11.5 Windows: QO92996
CA ARCserve Backup r11.1 Windows: QO92849
CA ARCserve Backup r11.0 Windows: Upgrade to 11.1 and apply the latest
patches.
CA Protection Suites r2: QO92996
The issues can also be addressed by applying CA ARCserve Backup 11.5 SP4
for Windows: QO99129
For CA ARCserve Backup r11.5 and r11.1 on UNIX and Linux based platforms,
upgrade to 11.5 SP3.
Note: The upgrade for 11.1 requires new license keys, which are available
for free until December 31, 2008. Visit the following
link for more information.
<https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=172649> https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=172649
CA ARCserve Backup r11.5 Linux/x86/IA-64/x86_64: QO89980
CA ARCserve Backup r11.5 Tru64: QO89985
CA ARCserve Backup r11.5 HP-UX: QO89984
CA ARCserve Backup r11.5 Solaris: QO89982
CA ARCserve Backup r11.5 AIX: QO89981
CA ARCserve Backup r11.5 Linux/s390: QO89983
CA ARCserve Backup r11.1 Linux/x86/IA-64/x86_64: QO89980
CA ARCserve Backup r11.1 Tru64: QO89985
CA ARCserve Backup r11.1 HP-UX: QO89984
CA ARCserve Backup r11.1 Solaris: QO89982
CA ARCserve Backup r11.1 AIX: QO89981
CA ARCserve Backup r11.1 Linux/s390: QO89983
How to determine if you are affected:
For Windows:
1. Using Windows Explorer, locate the file "caloggerd.exe". By default,
the file is located in the "C:\Program Files\CA\BrightStor ARCserve
Backup" directory.
2. Right click on the file and select Properties.
3. Select the General tab.
4. If the file timestamp is earlier than indicated in the below table, the
installation is vulnerable.
Product Version File Name Timestamp File Size
11.5 caloggerd.exe 05/18/2007 10:55:48 299008 bytes
11.1 caloggerd.exe 05/18/2007 11:30:52 286720 bytes
* For Protection Suites r2 , use the file timestamp for CA ARCserve Backup
r11.5.
For Linux/x86/IA-64/x86_64, Tru64, HP-UX, Solaris, Linux/s390:
Examine the file RELVERSION to determine the version. This can be done
with the following command from a shell:
cat $BAB_HOME/data/RELVERSION
If the build number is below 2427, the installation is vulnerable.
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2241>
CVE-2008-2241 and CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2242>
CVE-2008-2242
ADDITIONAL INFORMATION
The information has been provided by <mailto:James.Williams@xxxxxx>
Williams, James K.
The original article can be found at:
<https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798> https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [NT] Vulnerabilities in Microsoft Malware Protection Engine Allow Denial of Service (MS08-029)
- Next by Date: [NT] Foxit Reader "util.printf()" Buffer Overflow
- Previous by thread: [NT] Vulnerabilities in Microsoft Malware Protection Engine Allow Denial of Service (MS08-029)
- Next by thread: [NT] Foxit Reader "util.printf()" Buffer Overflow
- Index(es):
Relevant Pages
|
