[NT] CA ARCserve Backup RPC "handle_t" Argument Vulnerability



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



CA ARCserve Backup RPC "handle_t" Argument Vulnerability
------------------------------------------------------------------------


SUMMARY

" <http://www.ca.com/us/data-loss-prevention.aspx> CA ARCserve is a
reliable and comprehensive data protection solution trusted by hundreds of
thousands users. It offers market-leading features, functionality and
performance to provide data protection that minimizes costs, streamlines
administrative tasks and operations and is part of a comprehensive
integrated recovery solution." Secunia Research has discovered a
vulnerability in BrightStor ARCserve Backup, which can be exploited by
malicious people to compromise a vulnerable system.

DETAILS

Vulnerable Systems:
* CA ARCserve Backup version 11.5 SP4 build 4491

The vulnerability is caused due to insufficient validation of "handle_t"
arguments passed to RPC endpoints. Passing object pointers to procedures
that expect different types can result in arbitrary code execution.

Time Table:
24/10/2007 - Vendor notified.
24/10/2007 - Vendor response.
21/11/2007 - Status update requested.
21/11/2007 - Vendor responds that development is working on patches.
07/04/2008 - Status update requested.
08/04/2008 - Vendor notifies expected release in May 2008.
21/05/2008 - Vendor notifies expected release in October 2008.
10/11/2008 - Vendor informed that October release did not fix the reported
vulnerability in version 11.5.
10/11/2008 - Vendor requests additional information.
10/11/2008 - Additional information provided to the vendor.
11/11/2008 - Vendor asks for further clarification.
11/11/2008 - Additional information about testing provided to vendor.
14/11/2008 - Vendor informed that fixes for version 12 correctly addressed
the reported vulnerability.
18/11/2008 - Vendor provides beta patch for version 11.5.
20/11/2008 - Vendor informed that beta patch fixes the vulnerability.
11/12/2008 - Public disclosure.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5415>
CVE-2008-5415


ADDITIONAL INFORMATION

The information has been provided by Secunia Research.
The original article can be found at:
<http://secunia.com/secunia_research/2007-82/>
http://secunia.com/secunia_research/2007-82/



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.