exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

camulti-overflow.txt

camulti-overflow.txt
Posted Mar 28, 2008
Authored by Ken Williams | Site www3.ca.com

CA Security Advisory - CA products that implement the DSM ListCtrl ActiveX control are vulnerable to a buffer overflow condition that can allow a remote attacker to cause a denial of service or execute arbitrary code with the privileges of the user running the web browser.

tags | advisory, remote, web, denial of service, overflow, arbitrary, activex
advisories | CVE-2008-1472
SHA-256 | 09da45444339d3374071c6c750d520dceb4ed69662d8b774f4b6bf0b10195eef

camulti-overflow.txt

Change Mirror Download

Title: CA Multiple Products DSM ListCtrl ActiveX Control Buffer
Overflow Vulnerability

CVE: CVE-2008-1472

CA Advisory Date: 2008-03-28

Reported By: Exploit code posted at milw0rm.com

Impact: A remote attacker can cause a denial of service or execute
arbitrary code.

Summary: CA products that implement the DSM ListCtrl ActiveX
control are vulnerable to a buffer overflow condition that can
allow a remote attacker to cause a denial of service or execute
arbitrary code with the privileges of the user running the web
browser. The vulnerability, CVE-2008-1472, is due to insufficient
bounds checking on the ListCtrl AddColumn function.

Mitigating Factors: For BrightStor ARCserve Backup for Laptops &
Desktops, only the server installation is affected. Client
installations are not affected. For CA Desktop Management Suite,
Unicenter Desktop Management Bundle, Unicenter Asset Management,
Unicenter Software Delivery and Unicenter Remote Control, only the
Managers and DSM Explorers are affected. Scalability Servers and
Agents are not affected.

Severity: CA has given this vulnerability a maximum risk rating
of High.

Affected Products:
BrightStor ARCServe Backup for Laptops and Desktops r11.5
CA Desktop Management Suite r11.2 C1
CA Desktop Management Suite r11.2a
CA Desktop Management Suite r11.2
CA Desktop Management Suite r11.1 (GA, a, C1)
Unicenter Desktop Management Bundle r11.2 C1
Unicenter Desktop Management Bundle r11.2a
Unicenter Desktop Management Bundle r11.2
Unicenter Desktop Management Bundle r11.1 (GA, a, C1)
Unicenter Asset Management r11.2 C1
Unicenter Asset Management r11.2a
Unicenter Asset Management r11.2
Unicenter Asset Management r11.1 (GA, a, C1)
Unicenter Software Delivery r11.2 C1
Unicenter Software Delivery r11.2a
Unicenter Software Delivery r11.2
Unicenter Software Delivery r11.1 (GA, a, C1)
Unicenter Remote Control r11.2 C1
Unicenter Remote Control r11.2a
Unicenter Remote Control r11.2
Unicenter Remote Control r11.1 (GA, a, C1)

Affected Platforms:
Windows

Status and Recommendation:
CA has provided the following updates to address the
vulnerabilities.

BrightStor ARCserve Backup for Laptops and Desktops r11.5:
QO96102

CA Desktop Management Suite for Windows r11.1 (GA, a, C1),
Unicenter Desktop Management Bundle r11.1 (GA, a, C1),
Unicenter Asset Management r11.1 (GA, a, C1),
Unicenter Software Delivery r11.1 (GA, a, C1),
Unicenter Remote Control r11.1 (GA, a, C1):
QO96088

CA Desktop Management Suite for Windows r11.2a,
Unicenter Desktop Management Bundle r11.2a,
Unicenter Asset Management r11.2a,
Unicenter Software Delivery r11.2a,
Unicenter Remote Control r11.2a:
QO96092

CA Desktop Management Suite for Windows r11.2,
Unicenter Desktop Management Bundle r11.2,
Unicenter Asset Management r11.2,
Unicenter Software Delivery r11.2,
Unicenter Remote Control r11.2:
QO96091

CA Desktop Management Suite for Windows r11.2 C1,
Unicenter Desktop Management Bundle r11.2 C1,
Unicenter Asset Management r11.2 C1,
Unicenter Software Delivery r11.2 C1,
Unicenter Remote Control r11.2 C1:
QO96090

How to determine if you are affected:
For products on Windows:
1. Using Windows Explorer, locate the file "ListCtrl.ocx". By
default, the file is in the "C:\Program Files\CA\DSM\bin\"
directory.
2. Right click on the file and select Properties.
3. Select the Version tab.
4. If the file version is earlier than indicated in the below
table, the installation is vulnerable.

Product:
CA Desktop Management Suite for Windows r11.1 (GA, a, C1),
Unicenter Desktop Management Bundle r11.1 (GA, a, C1),
Unicenter Asset Management r11.1 (GA, a, C1),
Unicenter Software Delivery r11.1 (GA, a, C1),
Unicenter Remote Control r11.1 (GA, a, C1)
File Name: ListCtrl.ocx
File Version: 11.1.8124.0

Product:
CA Desktop Management Suite for Windows r11.2,
Unicenter Desktop Management Bundle r11.2,
Unicenter Asset Management r11.2,
Unicenter Software Delivery r11.2,
Unicenter Remote Control r11.2
File Name: ListCtrl.ocx
File Version: 11.2.1000.16

Product:
CA Desktop Management Suite for Windows r11.2a,
Unicenter Desktop Management Bundle r11.2a,
Unicenter Asset Management r11.2a,
Unicenter Software Delivery r11.2a,
Unicenter Remote Control r11.2a
File Name: ListCtrl.ocx
File Version: 11.2.1000.16

Product:
CA Desktop Management Suite for Windows r11.2 C1,
Unicenter Desktop Management Bundle r11.2 C1,
Unicenter Asset Management r11.2 C1,
Unicenter Software Delivery r11.2 C1,
Unicenter Remote Control r11.2 C1,
BrightStor ARCserve Backup for Laptops and Desktops r11.5
File Name: ListCtrl.ocx
File Version: 11.2.1000.16

Workaround:
As a temporary workaround solution, disable the ListCtrl ActiveX
control in the registry by setting the kill bit on CLSID
{BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3}. Disabling the control may
prevent the GUI from functioning correctly. Refer to Microsoft KB
article 240797 <http://support.microsoft.com/kb/240797> for
information on how to disable an ActiveX control.

References (URLs may wrap):
CA SupportConnect:
http://support.ca.com/
CA products using the DSM ListCtrl ActiveX Control Security Notice
https://support.ca.com/irj/portal/anonymous/phpdocs?filePath=0/common/DSM_ListCtr_secnot.html
Solution Document Reference APARs:
QO96102, QO96088, QO96092, QO96091, QO96090
CA Security Response Blog posting:
CA Multiple Products DSM ListCtrl ActiveX Control Buffer Overflow
Vulnerability
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/3/28.aspx
Reported By:
Exploit code posted at milw0rm.com
CVE References:
CVE-2008-1472 - DSM ListCtrl ActiveX control AddColumn buffer overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1472
OSVDB References: Pending
http://osvdb.org/

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA
Technical Support at http://support.ca.com.

For technical questions or comments related to this advisory,
please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please email your
findings to vuln AT ca DOT com.


Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, 1 CA Plaza, Islandia, NY 11749

Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2008 CA. All rights reserved.
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close