Date: 01 April 2008
References: AL-2008.0035
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
A U S C E R T A L E R T
AL-2008.0036 -- AUSCERT ALERT
[Win]
CA Multiple Products DSM ListCtrl ActiveX Control Buffer
Overflow Vulnerability
1 April 2008
===========================================================================
AusCERT Alert Summary
---------------------
Product: BrightStor ARCServe Backup for Laptops and Desktops
CA Desktop Management Suite
Unicenter Desktop Management Bundle
Unicenter Asset Management
Unicenter Software Delivery
Unicenter Remote Control
Publisher: CA
Operating System: Windows
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
CVE Names: CVE-2008-1472
Ref: AL-2008.0035
Comment: This bulletin expands upon the vulnerability reported in
AL-2008.0035. CA products other than BrightStor ARCserve Backup
are also affected.
- --------------------------BEGIN INCLUDED TEXT--------------------
Title: CA Multiple Products DSM ListCtrl ActiveX Control Buffer
Overflow Vulnerability
CVE: CVE-2008-1472
CA Advisory Date: 2008-03-28
Reported By: Exploit code posted at milw0rm.com
Impact: A remote attacker can cause a denial of service or execute
arbitrary code.
Summary: CA products that implement the DSM ListCtrl ActiveX
control are vulnerable to a buffer overflow condition that can
allow a remote attacker to cause a denial of service or execute
arbitrary code with the privileges of the user running the web
browser. The vulnerability, CVE-2008-1472, is due to insufficient
bounds checking on the ListCtrl AddColumn function.
Mitigating Factors: For BrightStor ARCserve Backup for Laptops &
Desktops, only the server installation is affected. Client
installations are not affected. For CA Desktop Management Suite,
Unicenter Desktop Management Bundle, Unicenter Asset Management,
Unicenter Software Delivery and Unicenter Remote Control, only the
Managers and DSM Explorers are affected. Scalability Servers and
Agents are not affected.
Severity: CA has given this vulnerability a maximum risk rating
of High.
Affected Products:
BrightStor ARCServe Backup for Laptops and Desktops r11.5
CA Desktop Management Suite r11.2 C1
CA Desktop Management Suite r11.2a
CA Desktop Management Suite r11.2
CA Desktop Management Suite r11.1 (GA, a, C1)
Unicenter Desktop Management Bundle r11.2 C1
Unicenter Desktop Management Bundle r11.2a
Unicenter Desktop Management Bundle r11.2
Unicenter Desktop Management Bundle r11.1 (GA, a, C1)
Unicenter Asset Management r11.2 C1
Unicenter Asset Management r11.2a
Unicenter Asset Management r11.2
Unicenter Asset Management r11.1 (GA, a, C1)
Unicenter Software Delivery r11.2 C1
Unicenter Software Delivery r11.2a
Unicenter Software Delivery r11.2
Unicenter Software Delivery r11.1 (GA, a, C1)
Unicenter Remote Control r11.2 C1
Unicenter Remote Control r11.2a
Unicenter Remote Control r11.2
Unicenter Remote Control r11.1 (GA, a, C1)
Affected Platforms:
Windows
Status and Recommendation:
CA has provided the following updates to address the
vulnerabilities.
BrightStor ARCserve Backup for Laptops and Desktops r11.5:
QO96102
CA Desktop Management Suite for Windows r11.1 (GA, a, C1),
Unicenter Desktop Management Bundle r11.1 (GA, a, C1),
Unicenter Asset Management r11.1 (GA, a, C1),
Unicenter Software Delivery r11.1 (GA, a, C1),
Unicenter Remote Control r11.1 (GA, a, C1):
QO96088
CA Desktop Management Suite for Windows r11.2a,
Unicenter Desktop Management Bundle r11.2a,
Unicenter Asset Management r11.2a,
Unicenter Software Delivery r11.2a,
Unicenter Remote Control r11.2a:
QO96092
CA Desktop Management Suite for Windows r11.2,
Unicenter Desktop Management Bundle r11.2,
Unicenter Asset Management r11.2,
Unicenter Software Delivery r11.2,
Unicenter Remote Control r11.2:
QO96091
CA Desktop Management Suite for Windows r11.2 C1,
Unicenter Desktop Management Bundle r11.2 C1,
Unicenter Asset Management r11.2 C1,
Unicenter Software Delivery r11.2 C1,
Unicenter Remote Control r11.2 C1:
QO96090
How to determine if you are affected:
For products on Windows:
1. Using Windows Explorer, locate the file "ListCtrl.ocx". By
default, the file is in the "C:\Program Files\CA\DSM\bin\"
directory.
2. Right click on the file and select Properties.
3. Select the Version tab.
4. If the file version is earlier than indicated in the below
table, the installation is vulnerable.
Product:
CA Desktop Management Suite for Windows r11.1 (GA, a, C1),
Unicenter Desktop Management Bundle r11.1 (GA, a, C1),
Unicenter Asset Management r11.1 (GA, a, C1),
Unicenter Software Delivery r11.1 (GA, a, C1),
Unicenter Remote Control r11.1 (GA, a, C1)
File Name: ListCtrl.ocx
File Version: 11.1.8124.0
Product:
CA Desktop Management Suite for Windows r11.2,
Unicenter Desktop Management Bundle r11.2,
Unicenter Asset Management r11.2,
Unicenter Software Delivery r11.2,
Unicenter Remote Control r11.2
File Name: ListCtrl.ocx
File Version: 11.2.1000.16
Product:
CA Desktop Management Suite for Windows r11.2a,
Unicenter Desktop Management Bundle r11.2a,
Unicenter Asset Management r11.2a,
Unicenter Software Delivery r11.2a,
Unicenter Remote Control r11.2a
File Name: ListCtrl.ocx
File Version: 11.2.1000.16
Product:
CA Desktop Management Suite for Windows r11.2 C1,
Unicenter Desktop Management Bundle r11.2 C1,
Unicenter Asset Management r11.2 C1,
Unicenter Software Delivery r11.2 C1,
Unicenter Remote Control r11.2 C1,
BrightStor ARCserve Backup for Laptops and Desktops r11.5
File Name: ListCtrl.ocx
File Version: 11.2.1000.16
Workaround:
As a temporary workaround solution, disable the ListCtrl ActiveX
control in the registry by setting the kill bit on CLSID
{BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3}. Disabling the control may
prevent the GUI from functioning correctly. Refer to Microsoft KB
article 240797 <http://support.microsoft.com/kb/240797> for
information on how to disable an ActiveX control.
References (URLs may wrap):
CA SupportConnect:
http://support.ca.com/
CA products using the DSM ListCtrl ActiveX Control Security Notice
https://support.ca.com/irj/portal/anonymous/phpdocs?filePath=0/common/DSM_ListCtr_secnot.html
Solution Document Reference APARs:
QO96102, QO96088, QO96092, QO96091, QO96090
CA Security Response Blog posting:
CA Multiple Products DSM ListCtrl ActiveX Control Buffer Overflow
Vulnerability
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx
Reported By:
Exploit code posted at milw0rm.com
CVE References:
CVE-2008-1472 - DSM ListCtrl ActiveX control AddColumn buffer overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1472
OSVDB References: Pending
http://osvdb.org/
Changelog for this advisory:
v1.0 - Initial Release
Customers who require additional information should contact CA
Technical Support at http://support.ca.com.
For technical questions or comments related to this advisory,
please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please email your
findings to vuln AT ca DOT com.
Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2008 CA. All rights reserved.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBR/GKWSh9+71yA2DNAQJ8vwP7BxSiny6J5t/i3xsnzCW9vtGxh+AlVcIx
pHMs/NX62O5HP8if7xhHV9JnPC538U4MSQfQmadmlyEjYAOd0Log93e9fzTV/DDr
7rYTePTi2uA2Xwp71L8hIcRuIj/RgAPJpx2dZPhmqCs+P/FfpqFgBqcHWKa/OtLQ
40Khwy180Zk=
=b2/e
-----END PGP SIGNATURE-----
|