Title: CAID 34846: CA BrightStor ARCserve Backup Discovery Service Buffer Overflow Vulnerability CA Vulnerability ID (CAID): 34846 CA Advisory Date: 2006-12-07 Discovered By: Assurent Secure Technologies (assurent.com) Impact: Remote attacker can execute arbitrary code. Summary: CA BrightStor ARCserve Backup contains a buffer overflow that allows remote attackers to execute arbitrary code with local SYSTEM privileges on Windows. This issue affects the BrightStor Backup Discovery Service in multiple BrightStor ARCserve Backup application agents and the Base product. Mitigating Factors: None. Severity: CA has given this vulnerability a High risk rating. Affected Products: BrightStor Products: - BrightStor ARCserve Backup r11.5 SP1 and below (SP2 does not have this vulnerability ; please apply r11.5 SP2) - BrightStor ARCserve Backup r11.1 - BrightStor ARCserve Backup for Windows r11 - BrightStor Enterprise Backup 10.5 - BrightStor ARCserve Backup v9.01 CA Protection Suites r2: - CA Server Protection Suite r2 - CA Business Protection Suite r2 - CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 - CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2 Affected platforms: Microsoft Windows Status and Recommendation: Customers with vulnerable versions of BrightStor ARCserve Backup products should upgrade to the latest versions which are available for download from http://supportconnect.ca.com. Solution Document Reference APARs: QO84609, QI82917, QO84611, QO84610 Determining if you are affected: For a list of updated files, and instructions on how to verify that the security update was fully applied, please review the Informational Solution referenced in the appropriate Solution Document. References (URLs may wrap): CA SupportConnect: http://supportconnect.ca.com/ CA SupportConnect Security Notice for this vulnerability: Important Security Notice for BrightStor ARCserve Backup http://supportconnectw.ca.com/public/storage/infodocs/babsecurity-notice.asp Solution Document Reference APARs: QO84609, QI82917, QO84611, QO84610 CA Security Advisor Research Blog postings: http://www3.ca.com/blogs/posting.aspx?id=90744&pid=96149&date=2006/12 CAID: 34846 CAID Advisory links: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34846 Discoverer: Assurent Secure Technologies http://www.assurent.com/ CVE Reference: CVE-2006-6379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6379 OSVDB Reference: OSVDB IDs: 30775 http://osvdb.org/30775 Changelog for this advisory: v1.0 - Initial Release Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com. For technical questions or comments related to this advisory, please send email to vuln@ca.com, or contact me directly. If you discover a vulnerability in CA products, please report your findings to vuln@ca.com, or utilize our "Submit a Vulnerability" form. URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research CA, One CA Plaza. Islandia, NY 11749 Contact http://www3.ca.com/contact/ Legal Notice http://www3.ca.com/legal/ Privacy Policy http://www3.ca.com/privacy/ Copyright © 2006 CA. All rights reserved.