AL-2005.020 -- CAID 33239 -- Computer Associates BrightStor ARCserve/Enterprise Backup Agents buffer overflow vulnerability

Date: 03 August 2005
References: AU-2005.0016  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
A  U  S  C  E  R  T                                           A  L  E  R  T

                       AL-2005.020 -- AUSCERT ALERT
                                CAID 33239
         Computer Associates BrightStor ARCserve/Enterprise Backup
                   Agents buffer overflow vulnerability
                               3 August 2005

===========================================================================

        AusCERT Alert Summary
        ---------------------

Product:           BrightStor ARCserve Backup r11.1 and prior
                   BrightStor Enterprise Backup 10.5 and prior
Publisher:         Computer Associates
Operating System:  Windows
Impact:            Administrator Compromise
                   Execute Arbitrary Code/Commands
Access:            Remote/Unauthenticated

Original Bulletin: 
  http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33239

- --------------------------BEGIN INCLUDED TEXT--------------------

Title: Computer Associates BrightStor ARCserve/Enterprise Backup 
Agents buffer overflow vulnerability

CA Vulnerability ID: 33239

Discovery Date: 2005-04-25

Disclosure Date: 2005-08-02

Discovered By: iDEFENSE

Impact: A remote attacker can execute arbitrary code with SYSTEM 
privileges.

Summary: Computer Associates BrightStor ARCserve Backup and 
BrightStor Enterprise Backup Agents for Windows contain a 
stack-based buffer overflow vulnerability. The vulnerability may 
allow remote attackers to execute arbitrary code with SYSTEM 
privileges, or cause a denial of service condition. The buffer 
overflow is the result of improper bounds checking performed on 
data sent to port 6070. 
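The bug class the summary describes (a length taken from the network and used unchecked as the copy size into a fixed stack buffer) is illustrated below. This is an added example written for this page, not CA's agent code: the 4-byte big-endian length header, the 64-byte buffer size and the function names are all invented for the illustration, and nothing here reflects the agent's real protocol on port 6070. The vulnerable handler sits beside the hardened one so the missing check is visible.

```c
/* Added illustration of the stack-overflow bug class in the CA summary above.
 * Hypothetical code: not the BrightStor agent's code. The wire format
 * (4-byte big-endian payload length followed by the payload) and the
 * buffer size are invented for this example. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AGENT_BUF 64   /* size of the fixed stack buffer in the handler (assumed) */
#define HDR_LEN   4    /* bytes of length header in the made-up format */

static uint32_t rd_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern: the length field comes straight from the network and
 * is used unchecked as the memcpy size into a fixed-size stack buffer. A
 * declared length larger than AGENT_BUF overwrites the saved frame pointer
 * and return address; in a service running as SYSTEM that is SYSTEM-level
 * code execution, or at minimum a crash (the denial of service the advisory
 * mentions). Only call this with in-bounds input: with an oversized length
 * it really does corrupt the stack. */
int handle_request_unsafe(const uint8_t *pkt, size_t pktlen)
{
    char buf[AGENT_BUF];
    if (pktlen < HDR_LEN)
        return -1;
    uint32_t len = rd_be32(pkt);
    memcpy(buf, pkt + HDR_LEN, len);   /* no comparison against sizeof buf */
    return (int)len;
}

/* Hardened form: the declared length is checked against both what was
 * actually received and the destination size before any copy happens. */
int handle_request_safe(const uint8_t *pkt, size_t pktlen)
{
    char buf[AGENT_BUF];
    if (pktlen < HDR_LEN)
        return -1;                     /* truncated header */
    uint32_t len = rd_be32(pkt);
    if (len > pktlen - HDR_LEN)
        return -2;                     /* claims more bytes than were sent */
    if (len > sizeof buf)
        return -3;                     /* would overrun the stack buffer */
    memcpy(buf, pkt + HDR_LEN, len);
    return (int)len;
}

/* Build a constructed test message: a header declaring declared_len, then
 * payload_len bytes of fill. Returns total bytes written, or 0 if it does
 * not fit in out. The two lengths are separate so a test can make the
 * header lie about the payload size. */
size_t build_msg(uint8_t *out, size_t outcap, uint32_t declared_len,
                 size_t payload_len, uint8_t fill)
{
    if (outcap < HDR_LEN + payload_len)
        return 0;
    out[0] = (uint8_t)(declared_len >> 24);
    out[1] = (uint8_t)(declared_len >> 16);
    out[2] = (uint8_t)(declared_len >> 8);
    out[3] = (uint8_t)declared_len;
    memset(out + HDR_LEN, fill, payload_len);
    return HDR_LEN + payload_len;
}

int main(void)
{
    uint8_t msg[512];
    size_t n;

    n = build_msg(msg, sizeof msg, 16, 16, 'A');        /* benign request */
    printf("benign:    unsafe=%d safe=%d\n",
           handle_request_unsafe(msg, n), handle_request_safe(msg, n));

    n = build_msg(msg, sizeof msg, 400, 400, 'A');      /* 400 > AGENT_BUF */
    printf("oversized: safe=%d (unsafe handler not called: it would smash the stack)\n",
           handle_request_safe(msg, n));

    n = build_msg(msg, sizeof msg, 4000, 8, 'A');       /* header lies about size */
    printf("short:     safe=%d\n", handle_request_safe(msg, n));
    return 0;
}
```

The practical point for defenders follows from the two facts the advisory does state: the agent is reachable without authentication and the trigger is data sent to port 6070. Until the vendor update is applied, restrict TCP 6070 on agent hosts to the backup server at the host firewall and network edge, and treat any other connection attempt to that port as worth investigating.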

Severity: Computer Associates has given this vulnerability a 
High risk rating.

Affected Technologies: This vulnerability exists in the 
following BrightStor ARCserve Backup and BrightStor Enterprise 
Backup application agents:

BrightStor ARCserve Backup r11.1:
- - BrightStor ARCserve Backup r11.1 Agent for SQL for Windows
- - BrightStor ARCserve Backup r11.1 Agent for Oracle for Windows
- - BrightStor ARCserve Backup r11.1 Agent for SAP R/3 for Windows
- - BrightStor ARCserve Backup r11.1 Agent for Microsoft Exchange 
  Premium Add-on for Windows

BrightStor ARCserve Backup r11.0:
- - BrightStor ARCserve Backup Release 11 Agent for SQL for Windows
- - BrightStor ARCserve Backup Release 11 Agent for Oracle for 
  Windows
- - BrightStor ARCserve Backup Release 11 Agent for SAP R/3 for 
  Windows
- - BrightStor ARCserve Backup Release 11 Agent for Microsoft 
  Exchange Premium Add-on for Windows

BrightStor ARCserve Backup v9.01
- - BrightStor ARCserve Backup Version 9 Agent for SQL for Windows
- - BrightStor ARCserve Backup Version 9 Agent for Oracle for 
  Windows 
- - BrightStor ARCserve Backup Version 9 Agent for SAP R/3 for 
  Windows 

BrightStor Enterprise Backup 10.5
- - BrightStor Enterprise Backup v10.5 Agent for SQL for Windows
- - BrightStor Enterprise Backup v10.5 Agent for Oracle for 
  Windows
- - BrightStor Enterprise Backup v10.5 Serverless Backup Agent for 
  Oracle for Windows
- - BrightStor Enterprise Backup v10.5 Agent for Oracle for EMC 
  Timefinder for Windows
- - BrightStor Enterprise Backup v10.5 Agent for SAP R/3 for 
  NT/2000

BrightStor Enterprise Backup 10
- - BrightStor Enterprise Backup Agent for SQL for Windows
- - BrightStor Enterprise Backup Agent for Oracle for Windows
- - BrightStor Enterprise Backup Agent for SAP R/3 for Oracle and 
  SQL on Windows
- - BrightStor Enterprise Backup Agent for Oracle for EMC 
  Timefinder for Windows
- - BrightStor Enterprise Backup Serverless Backup Agent for 
  Oracle for Windows

Status: Security updates that completely remediate this 
vulnerability are available for all affected products.

Recommendation: 
Apply the appropriate security update(s).
BrightStor ARCserve Backup r11.1 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70767&startsearch=1
BrightStor ARCserve Backup r11.0 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70769&startsearch=1
BrightStor ARCserve Backup v9.01 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70770&startsearch=1
BrightStor Enterprise Backup v10.5 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70774&startsearch=1
BrightStor Enterprise Backup v10.0 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70773&startsearch=1

CVE Reference: Pending

OSVDB Reference: Pending

Advisory URLs (note that URLs may wrap): 

CA Security Advisor site
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33239

E-News: BrightStor Storage Newsletter v05.11 August 2nd, 2005
http://supportconnectw.ca.com/public/enews/BrightStor/brig080205.asp


Should you require additional information, please contact CA 
Technical Support at http://supportconnect.ca.com.


Respectfully,

Ken Williams ; Dir. Vuln Research 
Computer Associates ; 0xE2941985


Computer Associates International, Inc. (CA). 
One Computer Associates Plaza. Islandia, NY 11749
	
Contact Us http://ca.com/catalk.htm
Legal Notice http://ca.com/calegal.htm
Privacy Policy http://ca.com
Copyright 2005 Computer Associates International, Inc.
All rights reserved

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQvAVKih9+71yA2DNAQJ/aAP/YsFIL9RpQU7rYZZi61ijgFZBj46H0Wvx
VnfvDk+geXE2H83cd4aYJmUKplJBXFI+DH6zDx4e5EeAw+G0XQcsMqt2/b3IZXoW
N/r4F4xrxrrfNYnfkZDMVPfQBUcplwWP+eGtZi8xyxZ+J7ywyyPKEjjI9JwbRVRw
+4pvIOHMBxw=
=H9iS
-----END PGP SIGNATURE-----