exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New


Posted Mar 20, 2007
Authored by Ken Williams | Site www3.ca.com

CA BrightStor ARCserve Backup contains four vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2006-6076, CVE-2007-0816, CVE-2007-1447, CVE-2007-1448
SHA-256 | 26afa70359ee71d1cdb1f3ba90e2bd4290ccf6d14fd317067b25d049a10fc66f


Change Mirror Download

Title: [CAID 34817, 35058, 35158, 35159]: CA BrightStor ARCserve
Backup Tape Engine and Portmapper Vulnerabilities

CA Vuln ID (CAID): 34817, 35058, 35158, 35159

CA Advisory Date: 2007-03-15

Reported By: McAfee

Impact: Remote attackers can cause a denial of service or
potentially execute arbitrary code.

Summary: CA BrightStor ARCserve Backup contains four
vulnerabilities that can allow a remote attacker to cause a denial
of service or possibly execute arbitrary code. CA has issued
patches to address the vulnerabilities. The first vulnerability,
CVE-2006-6076, is due to insufficient bounds checking in the Tape
Engine, which can result in a buffer overflow and arbitrary code
execution. The second vulnerability, CVE-2007-0816, is related to
how invalid parameters are handled by the portmapper (catirpc.dll)
service. By sending a specially crafted request, a remote attacker
can crash the service. The third vulnerability, CVE-2007-1447, is
due to a memory corruption issue that occurs during processing of
RPC procedure arguments by the Tape Engine. The vulnerability can
result in a denial of service, and can potentially be exploited to
execute arbitrary code. The fourth vulnerability, CVE-2007-1448,
is due to the presence of an RPC function that, when called, will
disable the Tape Engine interface. A remote attacker can make a
request that will effectively shut down Tape Engine functionality.

Mitigating Factors: None

Severity: CA has given these vulnerabilities a High risk rating.

Affected Products:
BrightStor Products:
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup for Windows r11
BrightStor Enterprise Backup r10.5
BrightStor ARCserve Backup v9.01
CA Protection Suites r2:
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business
Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business
Server Premium Edition r2

Affected Platforms:

Status and Recommendation:
Customers using vulnerable versions of BrightStor ARCserve Backup
should upgrade with the latest patches, which are available for
download from http://supportconnect.ca.com.
BrightStor ARCserve Backup r11.5 - QO86255
BrightStor ARCserve Backup r11.1 - QO86258
BrightStor ARCserve Backup r11.0 - QI82917
BrightStor Enterprise Backup r10.5 - QO86259
BrightStor ARCserve Backup v9.01 - QO86260

How to determine if the installation is affected:
1. Using Windows Explorer, locate the files "tapeng.dll" and
"catirpc.dll". By default, the files are located in the
"C:\Program Files\CA\BrightStor ARCserve Backup" directory.
2. Right click on each of the files and select Properties.
3. Select the General tab.
4. If either file timestamp is earlier than what is indicated in
the table below, the installation is vulnerable.

File Name Timestamp File Size
catirpc.dll 02/12/2007 10:55:14 102400 bytes
tapeeng.dll 02/02/2007 17:05:00 876627 bytes

To reduce exposure, block unauthorized access to ports 6502 (TCP)
and 111 (UDP).

References (URLs may wrap):
CA SupportConnect:
CA SupportConnect Security Notice for this vulnerability:
Security Notice for BrightStor ARCserve Backup Tape Engine and
Solution Document Reference APARs:
QO86255, QO86258, QI82917, QO86259, QO86260
CA Security Advisor posting:
CA BrightStor ARCserve Backup Tape Engine and Portmapper
CAID: 34817, 35058, 35158, 35159
CAID Advisory links:
Reported By: McAfee
McAfee advisory:
CVE References: CVE-2006-6076, CVE-2007-0816, CVE-2007-1447,
OSVDB Reference: OSVDB-32989, OSVDB-32990, OSVDB-32991,

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please
send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your
findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability"
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx

Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, One CA Plaza, Islandia, NY 11749

Contact http://www3.ca.com/contact/
Legal Notice http://www3.ca.com/legal/
Privacy Policy http://www3.ca.com/privacy/
Copyright (c) 2007 CA. All rights reserved.
Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By