Date: 02 February 2007
References: AL-2007.0011 ESB-2007.0052
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
AusCERT Update AU-2007.0003 - [Win]
Exploit code released for CA BrightStor ARCserve Backup
2 February 2007
AusCERT Update Summary
----------------------
Product: CA BrightStor ARCserve Backup for Laptops and
Desktops 11.1 SP1
CA BrightStor ARCserve Backup for Laptops and
Desktops 11.1
CA BrightStor ARCserve Backup for Laptops and
Desktops 11.0
CA BrightStor Mobile Backup r4.0
CA Desktop Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small
Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small
Business Server Premium Edition r2
CA Desktop Management Suite r11.1
CA Desktop Management Suite r11.0
Operating System: Windows
Impact: Administrator Compromise
Denial of Service
Access: Remote/Unauthenticated
CVE Names: CVE-2007-0449 CVE-2007-0169 CVE-2007-0168
CVE-2006-5172 CVE-2006-5171
Member content until: Friday, March 02 2007
Ref: ESB-2007.0052
AL-2007.0011
OVERVIEW
Exploit code for the recent vulnerabilities in CA BrightStor ARCserv
Backup [1][2] have been released to the general public [3].
IMPACT
Successful exploitation of these vulnerabilities could allow a
remote attacker to take complete control of an affected machine.
MITIGATION
Users of CA BrightStor, Protection Suite and Desktop Management Suite
software should upgrade to non-vulnerable versions as soon as
possible. Patches and upgrades have been made available on CA's
website [4].
As with any backup product, access to server ports used for backup
should be restricted to the backup client, and vice versa for client
ports. All backup service ports should not be accessible from outside
your organisation. In this specific case, traffic to TCP ports 1900,
2200, 6502, 6503 and 6504 should be restricted.
REFERENCES
[1] ESB-2007.0052
http://www.auscert.org.au/7223
[2] AL-2007.0011
http://www.auscert.org.au/7194
[3] US-CERT Current Activity
http://www.us-cert.gov/current/current_activity.html#expcalgn
[4] CA Security Notice
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRcLFJCh9+71yA2DNAQIOywP9HGQ63UTSk0+P0SiItzaRtZ4cxMZqk+or
dBfhr8qFedOelSeCjswsRsHn/J8yUs/iddoY3tS5eL20R20F8Mw1DBDoQlPI8bD0
1COVHXv7F9wnpFpdIYae4kDhkKAO3jH9Hoh9y8SdcEOCE3/dpTAIWK95chk9H47F
LH5APJ8L41c=
=KDAb
-----END PGP SIGNATURE-----
|