-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: [CAID 34955, 34956, 34957, 34958, 34959, 34817]: BrightStor ARCserve Backup Multiple Overflow Vulnerabilities CA Vuln ID (CAID): 34955, 34956, 34957, 34958, 34959, 34817 CA Advisory Date: 2007-01-11 Discovered By: TippingPoint, IBM ISS, iDefense Labs Impact: Remote attacker can execute arbitrary code. Summary: CA BrightStor ARCserve Backup contains multiple overflow conditions that can allow a remote attacker to execute arbitrary code with local SYSTEM privileges on Windows. The BrightStor ARCserve Backup Tape Engine service, Mediasvr service, and ASCORE.dll file are affected. Mitigating Factors: None. Severity: CA has given these vulnerability issues a High risk rating. Affected Products: BrightStor Products: BrightStor ARCserve Backup r11.5 BrightStor ARCserve Backup r11.1 BrightStor ARCserve Backup for Windows r11 BrightStor Enterprise Backup r10.5 BrightStor ARCserve Backup v9.01 CA Protection Suites r2 Products: CA Server Protection Suite r2 CA Business Protection Suite r2 CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2 Affected platforms: Microsoft Windows Status and Recommendation: Customers with vulnerable versions of BrightStor ARCserve Backup products should apply the appropriate fixes, which are now available for download at http://supportconnect.ca.com. BAB r11.5 - QO84983 BAB r11.1 - QO84984 BAB r11.0 - QI82917 BEB r10.5 - QO84986 BAB v9.01 - QO84985 Determining if you are affected: Refer to the appropriate APAR for details about updated module versions. References (URLs may wrap): CA SupportConnect: http://supportconnect.ca.com/ CA SupportConnect Security Notice for this vulnerability: Important Security Notice for BrightStor ARCserve Backup http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice .asp CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-sec notice.asp Solution Document Reference APARs: Q084983, Q084984, QI82917, Q084986, Q084985 CA Security Advisor posting: BrightStor ARCserve Backup Multiple Overflow Vulnerabilities http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97428 CAID: 34955, 34956, 34957, 34958, 34959, 34817 CAID Advisory links: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34955 http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34956 http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34957 http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34958 http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34959 http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34817 Discoverer: TippingPoint, IBM ISS, iDefense Labs TippingPoint advisories: http://www.zerodayinitiative.com/advisories/ZDI-07-002.html http://www.zerodayinitiative.com/advisories/ZDI-07-003.html http://www.zerodayinitiative.com/advisories/ZDI-07-004.html IBM ISS advisories: http://www.iss.net/threats/252.html http://www.iss.net/threats/253.html iDefense Labs: http://labs.idefense.com/ CVE Reference: CVE-2006-5171, CVE-2006-5172, CVE-2007-0168, CVE-2007-0169, CVE-2006-6076, CVE-2006-6917 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0168 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6917 OSVDB Reference: OSVDB ID: 31317, 31318, 31319, 31320, 31327, 30637 http://osvdb.org/31317 http://osvdb.org/31318 http://osvdb.org/31319 http://osvdb.org/31320 http://osvdb.org/31327 http://osvdb.org/30637 Other references: http://www.lssec.com/advisories/LS-20061001.pdf http://www.lssec.com/advisories/LS-20060908.pdf http://www.lssec.com/advisories.html Changelog for this advisory: v1.0 - Initial Release Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com. For technical questions or comments related to this advisory, please send email to vuln@ca.com, or contact me directly. If you discover a vulnerability in CA products, please report your findings to vuln@ca.com, or utilize our "Submit a Vulnerability" form. URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research CA, One CA Plaza. Islandia, NY 11749 Contact http://www3.ca.com/contact/ Legal Notice http://www3.ca.com/legal/ Privacy Policy http://www3.ca.com/privacy/ Copyright © 2007 CA. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBRabFFnklkd/ilBmFEQIwBQCfb8Cm6XN3bhpvQFxYTKiGSj2YTfIAnR2r 5OIGmbEDjC46ml8NCUmDeoEn =/XwF -----END PGP SIGNATURE-----