Title: CAID 33756 - DM Deployment Common Component
Vulnerabilities

CA Vulnerability ID: 33756

Discovery Date: 2005-12-20

CA Advisory Date: 2006-01-17

Discovered By: Cengiz Aykanat (CA internal audit), and 
Karma[at]DesignFolks[dot]com[dot]au.


Impact: Remote attacker can cause a denial of service condition.


Summary: The following security vulnerability issues have been 
identified in the DM Primer part of the DM Deployment Common 
Component being distributed with some CA products:
1) A Denial of Service (DoS) vulnerability has been identified in 
the handling of unrecognized network messages, which may result 
in high CPU utilization and excessive growth of the DM Primer 
log file.
2) A Denial of Service (DoS) vulnerability has been identified 
with the way in which DM Primer handles receipt of large rogue 
network messages, which can result in DM Primer becoming 
unresponsive. 


Severity: Computer Associates has given this vulnerability a 
Medium risk rating.


Mitigating Factors: These vulnerabilities will only be present if 
you have utilized the DM Deployment mechanism (bundled with the 
affected products) to deploy those products within your 
enterprise environment.


Affected Technologies: Please note that the DM Primer component 
is not a product, but rather a common component that is included 
with multiple products.  Vulnerable versions of the DM Primer 
component are included in the CA products listed in the Affected 
Products section below.  DM Primer component versions v1.4.154 
and v1.4.155 are vulnerable to these issues.  These 
vulnerabilities are not present in DM Primer v11.0 or later.


Affected Products:
- BrightStor Mobile Backup r4.0
- BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, 
r11.1 SP1
- Unicenter Remote Control 6.0, 6.0 SP1
- CA Desktop Protection Suite r2
- CA Server Protection Suite r2
- CA Business Protection Suite r2
- CA Business Protection Suite for Microsoft Small Business 
Server Standard Edition r2
- CA Business Protection Suite for Microsoft Small Business 
Server Premium Edition r2
- CA Business Protection Suite for Midsize Business for Windows 
r2


Affected platforms:
Windows


Platforms NOT affected:
This version of DM Primer is not supported on any other 
platforms.


Status and Recommendation: 
Since this version of DM Primer is only utilized for the initial 
installation of the products, the above vulnerabilities can be 
addressed by simply removing the DM Primer Service after 
deployment.  To remove the DM Primer component follow the 
instructions below:

dmprimer remove -f:

will force the removal of a local DM Primer service,

dmsweep -a1:remotecomp -dp:force

will force the removal of the DM Primer service from a remote 
computer called remotecomp.

The dmsweep command will be available on the DM Deployment 
machine (usually the host for the product manager with which it 
was bundled).  It can take a machine name, an ip address, or a 
range of ip addresses.  Some examples are:

dmsweep -a1:192.168.0.*  -dp:force

will forcibly remove DM Primer from all machines on the 
192.168.0.* subnet

dmsweep -a1:192.168.0.1 -a2:192.168.0.100 -dp:force

will forcibly remove DM Primer from all machines in the range 
192.168.0.1-192.168.0.100

dmsweep -a1:192.168.0.1 -a2:192.168.0.100 -dp:force

will forcibly remove DM Primer from all machines in the range 
192.168.0.1-192.168.0.100


Please refer to the FAQ for answers to commonly asked 
questions.
http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity-faq
s.asp


References: 
(note that URLs may wrap)
DM Deployment Common Component Security Notice
http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity_not
ice.asp

Frequently Asked Questions (FAQ) related to this security update
http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity-faq
s.asp

CA Security Advisor site advisory
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33756

CVE Reference: Pending
http://cve.mitre.org

OSVDB Reference: Pending
http://osvdb.org

Error Handling in DM Primer
http://www.designfolks.com.au/karma/DMPrimer/


Customers who require additional information should contact CA 
Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory,
please send email to vuln@ca.com, or contact me directly.

If you discover a vulnerability in CA products, please report
your findings to vuln@ca.com, or utilize our "Submit a 
Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx


Regards,
Ken Williams ; 0xE2941985
Dir. Vuln Research 
CA Vulnerability Research Team


CA, One Computer Associates Plaza. Islandia, NY 11749
  
Contact http://www3.ca.com/contact/
Legal Notice http://ca.com/calegal.htm
Privacy Policy http://www.ca.com/caprivacy.htm
Copyright 2006 CA.  All rights reserved.