exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

caarcserve-dos.txt

caarcserve-dos.txt
Posted Oct 9, 2008
Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability occurs due to insufficient validation of certain RPC call parameters by the message engine service. An attacker can exploit a directory traversal vulnerability to execute arbitrary commands. The second vulnerability occurs due to insufficient validation by the tape engine service. An attacker can make a request that will crash the service. The third vulnerability occurs due to insufficient validation by the database engine service. An attacker can make a request that will crash the service. The fourth vulnerability occurs due to insufficient validation of authentication credentials. An attacker can make a request that will crash multiple services. Note that these issues only affect the base product.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2008-4397, CVE-2008-4398, CVE-2008-4399, CVE-2008-4400
SHA-256 | 4a1efc837ec3a9c0d729220a5e7ba7876a7442c1a76a70f4dfc0ac3bc64384ca

caarcserve-dos.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Title: CA ARCserve Backup Multiple Vulnerabilities


CA Advisory Date: 2008-10-09


Reported By:
Haifei Li of Fortinet's FortiGuard Global Security Research Team
Vulnerability Research Team of Assurent Secure Technologies, a
TELUS Company
Greg Linares of eEye Digital Security


Impact: A remote attacker can cause a denial of service or
possibly execute arbitrary code.


Summary: CA ARCserve Backup contains multiple vulnerabilities that
can allow a remote attacker to cause a denial of service or
possibly execute arbitrary code. CA has issued patches to address
the vulnerabilities. The first vulnerability, CVE-2008-4397,
occurs due to insufficient validation of certain RPC call
parameters by the message engine service. An attacker can exploit
a directory traversal vulnerability to execute arbitrary commands.
The second vulnerability, CVE-2008-4398, occurs due to
insufficient validation by the tape engine service. An attacker
can make a request that will crash the service. The third
vulnerability, CVE-2008-4399, occurs due to insufficient
validation by the database engine service. An attacker can make a
request that will crash the service. The fourth vulnerability,
CVE-2008-4400, occurs due to insufficient validation of
authentication credentials. An attacker can make a request that
will crash multiple services. Note that these issues only affect
the base product.


Mitigating Factors: None


Severity: CA has given these vulnerabilities a High risk rating.


Affected Products:
CA ARCserve Backup r12.0 Windows
CA ARCserve Backup r11.5 Windows*
CA ARCserve Backup r11.1 Windows*
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server
Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server
Premium Edition r2

*Formerly known as BrightStor ARCserve Backup.


Non-Affected Products
CA ARCserve Backup r12.0 Windows SP1


Affected Platforms:
Windows


Status and Recommendation:
CA has issued the following updates for systems that have an
affected base product.

CA ARCserve Backup r12.0 Windows:
Apply Service Pack 1 (RO01340)

CA ARCserve Backup r11.5 Windows:
RO02398

CA ARCserve Backup r11.1 Windows:
RO02396

CA Protection Suites r2:
RO02398


How to determine if you are affected:
CA ARCserve Backup r12.0 Windows,
CA ARCserve Backup r11.5 Windows:

1. Run the ARCserve Patch Management utility. From the Windows
Start menu, it can be found under Programs->CA->ARCserve
Patch Management->Patch Status.
2. The main patch status screen will indicate if the respective
patch in the table below is currently applied. If the patch
is not applied, the installation is vulnerable.

Product Patch
CA ARCserve Backup r12.0 Windows RO01340
CA ARCserve Backup r11.5 Windows RO02398

For more information on the ARCserve Patch Management utility,
read document TEC446265.

Alternatively, use the file information below to determine if the
product installation is vulnerable.

CA ARCserve Backup r12.0 Windows,
CA ARCserve Backup r11.5 Windows,
CA ARCserve Backup r11.1 Windows:

1. Using Windows Explorer, locate the file "asdbapi.dll". By
default, the file is located in the
"C:\Program Files\CA\BrightStor ARCserve Backup" directory.
2. Right click on the file and select Properties.
3. Select the General tab.
4. If the file timestamp is earlier than indicated in the table
below, the installation is vulnerable.

Product version: CA ARCserve Backup r11.1 Windows
File Name: asdbapi.dll
File Size: 856064 bytes
Timestamp: 09/05/2008 10:35:19

Product version: CA ARCserve Backup r11.5 Windows*
File Name: asdbapi.dll
File Size: 1249354 bytes
Timestamp: 09/05/2008 11:14:04

Product version: CA ARCserve Backup r12.0 Windows
File Name: asdbapi.dll
File Size: 992520 bytes
Timestamp: 08/09/2008 4:51:58

*CA Protection Suites r2 includes CA ARCserve Backup 11.5


Workaround: None


References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA ARCserve Backup
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143
Solution Document Reference APARs:
RO01340, RO02398, RO02396
CA Security Response Blog posting:
CA ARCserve Backup Multiple Vulnerabilities
community.ca.com/blogs/casecurityresponseblog/archive/2008/10/9.aspx
Reported By:
CVE-2008-4397 - Haifei Li of Fortinet's FortiGuard Global Security
Research Team
http://www.fortiguardcenter.com/
CVE-2008-4398 - Vulnerability Research Team of Assurent Secure
Technologies, a TELUS Company
CVE-2008-4399 - Vulnerability Research Team of Assurent Secure
Technologies, a TELUS Company
http://www.assurent.com/index.php?id=17
CVE-2008-4400 - Greg Linares of eEye Digital Security
http://www.eeye.com/
CVE References:
CVE-2008-4397 - Message engine command injection
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4397
CVE-2008-4398 - Tape engine denial of service
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4398
CVE-2008-4399 - Database engine denial of service
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4399
CVE-2008-4400 - Multiple service crash
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4400
OSVDB References: Pending
http://osvdb.org/


Changelog for this advisory:
v1.0 - Initial Release


Customers who require additional information should contact CA
Technical Support at http://support.ca.com.

For technical questions or comments related to this advisory,
please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your
findings to our product security response team.
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782


Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research


CA, 1 CA Plaza, Islandia, NY 11749

Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2008 CA. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFI7n3AeSWR3+KUGYURAg0NAJ9jLzqrxJqZULSW8f2k6scNtPGGzwCfaQ5t
LKKf0q7/uG8pn1zWL7L1R5Q=
=t0W2
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close