copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » By Operating... » Windows (all) » AL-2007.0051 -- [Win] -- CA BrightStor ARCserve Back...
 

AL-2007.0051 -- [Win] -- CA BrightStor ARCserve Backup Media Server RPC service buffer overflows
Date: 26 April 2007
References: AL-2007.0039  

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
A  U  S  C  E  R  T                                           A  L  E  R  T

                       AL-2007.0051 -- AUSCERT ALERT
                                   [Win]
  CA BrightStor ARCserve Backup Media Server RPC service buffer overflows
                               26 April 2007

===========================================================================

        AusCERT Alert Summary
        ---------------------

Product:              CA BrightStor ARCserve Backup versions v9.01, r11.1 and r11.5
                      CA BrightStor ARCserve Backup for Windows r11
                      CA BrightStor Enterprise Backup r10.5
                      CA Server Protection Suite r2
                      CA Business Protection Suite r2
                      CA Business Protection Suite for Microsoft Small Business Server r2
Publisher:            US-CERT
Operating System:     Windows
Impact:               Administrator Compromise
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-1785 CVE-2007-2139

Ref:                  AL-2007.0039

Original Bulletin:    
  http://www.kb.cert.org/vuls/id/979825
  http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp

Comment: Exploit code for vulnerability CVE-2007-1785 has been publicly
         posted since the end of March, as per AusCERT Alert AL-2007.0039.
         
         These CA patches additionally fix a second critical RPC
         vulnerability in the same component.

- --------------------------BEGIN INCLUDED TEXT--------------------

US-CERT Vulnerability Note VU#979825
CA BrightStor ARCserve Backup Media Server RPC service buffer overflows

Overview
	The CA BrightStor ARCserve Backup Media Server contains multiple
	buffer overflows in the RPC service, which can allow a remote,
	unauthenticated attacker to execute arbitrary code with elevated
	privileges.

I. Description

	BrightStor ARCserve Backup is a backup and data retention tool that
	integrates with other BrightStor Data Availability and BrightStor
	Storage Management solutions. The BrightStor ARCserve Media Server
	service, which is provided by mediasvr.exe, contains multiple buffer
	overflows in the handling of RPC requests. According to the CA security
	notice, the following products are affected

	    BrightStor ARCserve Backup r11.5
	    BrightStor ARCserve Backup r11.1
	    BrightStor ARCserve Backup r11 for Windows
	    BrightStor Enterprise Backup r10.5
	    BrightStor ARCserve Backup v9.01
	    CA Server Protection Suite r2
	    CA Business Protection Suite r2
	    CA Business Protection Suite for Microsoft Small Business 
	      Server Standard Edition r2
	    CA Business Protection Suite for Microsoft Small Business 
	      Server Premium Edition r2

II. Impact

	A remote, unauthenticated attacker may be able to execute arbitrary
	code with elevated privileges.

III. Solution

	Apply an update

	According to the CA security notice
	http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp

	    CA has issued the following patches to address the vulnerabilities.

	    BrightStor ARCserve Backup r11.5 SP3 - QO87569
	    BrightStor ARCserve Backup r11.5 SP2 - QO87570
	    BrightStor ARCserve Backup r11.1 - QO87573
	    BrightStor ARCserve Backup r11.0 - QI82917
	    BrightStor Enterprise Backup r10.5 - QO87575
	    BrightStor ARCserve Backup v9.01 - QO87574

Systems Affected

	Vendor	Status	Date Updated
	Computer Associates	Vulnerable	25-Apr-2007

References

	http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp
	http://www.zerodayinitiative.com/advisories/ZDI-07-022.html
	http://secunia.com/advisories/24972/

Credit

	This vulnerability was reported by ZDI, who in turn credit Tenable
	Network Security.

	This document was written by Will Dormann.

Other Information

	Date Public	04/24/2007
	Date First Published	04/25/2007 02:50:44 PM
	Date Last Updated	04/25/2007
	CERT Advisory	 
	CVE Name	CVE-2007-2139
	Metric	9.72
	Document Revision	6

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRi/0Jih9+71yA2DNAQI4kQP/cnDGWBb5bIW6917QeutTysKEuQQ9mql3
sCmgO7+MAx7Cpa4u4IK1DXobgf1MI3PQ5wWuYryue+6XIertLgCNop1UGfnT3D8b
lyhw7fUuVa57wp6Il1nQQQ2hB9t0NpVjXH90tv7Csu2Kgf3vrsQY1J65DMgaJhtR
Rvq7SGOd0jg=
=8aCq
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/render.html?cid=21&it=7513