Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:9372
HistoryAug 03, 2005 - 12:00 a.m.

CAID 33239 - Computer Associates BrightStor ARCserve/Enterprise Backup Agents buffer overflow vulnerability

2005-08-0300:00:00
vulners.com
22
JSON

Title: Computer Associates BrightStor ARCserve/Enterprise Backup
Agents buffer overflow vulnerability

CA Vulnerability ID: 33239

Discovery Date: 2005-04-25

Disclosure Date: 2005-08-02

Discovered By: iDEFENSE

Impact: A remote attacker can execute arbitrary code with SYSTEM
privileges.

Summary: Computer Associates BrightStor ARCserve Backup and
BrightStor Enterprise Backup Agents for Windows contain a
stack-based buffer overflow vulnerability. The vulnerability may
allow remote attackers to execute arbitrary code with SYSTEM
privileges, or cause a denial of service condition. The buffer
overflow is the result of improper bounds checking performed on
data sent to port 6070.

Severity: Computer Associates has given this vulnerability a
High risk rating.

Affected Technologies: This vulnerability exists in the
following BrightStor ARCserve Backup and BrightStor Enterprise
Backup application agents:

BrightStor ARCserve Backup r11.1:

  • BrightStor ARCserve Backup r11.1 Agent for SQL for Windows
  • BrightStor ARCserve Backup r11.1 Agent for Oracle for Windows
  • BrightStor ARCserve Backup r11.1 Agent for SAP R/3 for Windows
  • BrightStor ARCserve Backup r11.1 Agent for Microsoft Exchange
    Premium Add-on for Windows

BrightStor ARCserve Backup r11.0:

  • BrightStor ARCserve Backup Release 11 Agent for SQL for Windows
  • BrightStor ARCserve Backup Release 11 Agent for Oracle for
    Windows
  • BrightStor ARCserve Backup Release 11 Agent for SAP R/3 for
    Windows
  • BrightStor ARCserve Backup Release 11 Agent for Microsoft
    Exchange Premium Add-on for Windows

BrightStor ARCserve Backup v9.01

  • BrightStor ARCserve Backup Version 9 Agent for SQL for Windows
  • BrightStor ARCserve Backup Version 9 Agent for Oracle for
    Windows
  • BrightStor ARCserve Backup Version 9 Agent for SAP R/3 for
    Windows

BrightStor Enterprise Backup 10.5

  • BrightStor Enterprise Backup v10.5 Agent for SQL for Windows
  • BrightStor Enterprise Backup v10.5 Agent for Oracle for
    Windows
  • BrightStor Enterprise Backup v10.5 Serverless Backup Agent for
    Oracle for Windows
  • BrightStor Enterprise Backup v10.5 Agent for Oracle for EMC
    Timefinder for Windows
  • BrightStor Enterprise Backup v10.5 Agent for SAP R/3 for
    NT/2000

BrightStor Enterprise Backup 10

  • BrightStor Enterprise Backup Agent for SQL for Windows
  • BrightStor Enterprise Backup Agent for Oracle for Windows
  • BrightStor Enterprise Backup Agent for SAP R/3 for Oracle and
    SQL on Windows
  • BrightStor Enterprise Backup Agent for Oracle for EMC
    Timefinder for Windows
  • BrightStor Enterprise Backup Serverless Backup Agent for
    Oracle for Windows

Status: Security updates that completely remediate this
vulnerability issue are available for all affected products.

Recommendation (note that URLs may wrap):
Apply the appropriate security update(s).
BrightStor ARCserve Backup r11.1 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70767&
startsearch=1
BrightStor ARCserve Backup r11.0 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70769&
startsearch=1
BrightStor ARCserve Backup v9.01 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70770&
startsearch=1
BrightStor Enterprise Backup v10.5 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70774&
startsearch=1
BrightStor Enterprise Backup v10.0 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70773&
startsearch=1

CVE Reference: Pending

OSVDB Reference: Pending

Advisory URLs (note that URLs may wrap):

CA Security Advisor site
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33239

E-News: BrightStor Storage Newsletter v05.11 August 2nd, 2005
http://supportconnectw.ca.com/public/enews/BrightStor/brig080205.asp

Should you require additional information, please contact CA
Technical Support at http://supportconnect.ca.com.

Respectfully,

Ken Williams ; Dir. Vuln Research
Computer Associates ; 0xE2941985

Computer Associates International, Inc. (CA).
One Computer Associates Plaza. Islandia, NY 11749

Contact Us http://ca.com/catalk.htm
Legal Notice http://ca.com/calegal.htm
Privacy Policy http://ca.com
Copyright 2005 Computer Associates International, Inc.
All rights reserved

JSON