[CAID 35515]: CA Products Alert Service RPC Procedure Buffer Overflow Vulnerabilities
- From: "Williams, James K" <James.Williams@xxxxxx>
- Date: Thu, 19 Jul 2007 14:10:40 -0400
Title: [CAID 35515]: CA Products Alert Service RPC Procedure
Buffer Overflow Vulnerabilities
CA Vuln ID (CAID): 35515
CA Advisory Date: 2007-07-17
Reported By: Anonymous researcher working with the iDefense VCP
Impact: Remote attacker can cause a denial of service or execute
Summary: Multiple CA products that utilize Alert service
functionality contain multiple vulnerabilities. The
vulnerabilities, CVE-2007-3825, are due to insufficient bounds
checking on received data by certain RPC procedures. An attacker
can exploit these buffer overflows to execute arbitrary code or
cause service failure.
Mitigating Factors: None
Severity: CA has given these vulnerabilities a High risk rating.
CA Threat Manager for the Enterprise (formerly eTrust Integrated
Threat Management) r8
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8
CA Protection Suites r3
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows
BrightStor Enterprise Backup r10.5
BrightStor ARCserve Backup v9.01
BrightStor ARCserve Client agent for Windows
Status and Recommendation:
CA recommends that customers apply the update to address the
vulnerabilities. The updated Alert service must be manually
installed. For all affected products, apply QO89817.
How to determine if you are affected:
1. Using Windows Explorer, locate the file "alert.exe". By
default, the file is located in the
"C:\Program Files\CA\SharedComponents\Alert" directory.
2. Right click on the file and select Properties.
3. Select the Version tab.
4. If the "alert.exe" file version is less than 126.96.36.199, the
installation is vulnerable.
References (URLs may wrap):
Security Notice for CA products running the Alert service
Solution Document Reference APARs:
CA Security Advisor posting:
CA Products Alert Service RPC Procedures Buffer Overflow
CA Vuln ID (CAID): 35515
Reported By: iDefense
Computer Associates Alert Notification Server Multiple Buffer
OSVDB References: Pending
Changelog for this advisory:
v1.0 - Initial Release
Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory,
please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your
findings to vuln AT ca DOT com, or utilize our "Submit a
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Legal Notice http://www.ca.com/us/legal/
Copyright (c) 2007 CA. All rights reserved.
- Prev by Date: iDefense Security Advisory 07.19.07: Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability
- Next by Date: [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos
- Previous by thread: iDefense Security Advisory 07.19.07: Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability
- Next by thread: [CVE-2007-3816][Advisory] JWIG Context-Dependent Template Calling Dos