[CAID 35515]: CA Products Alert Service RPC Procedure Buffer Overflow Vulnerabilities

Title: [CAID 35515]: CA Products Alert Service RPC Procedure Buffer Overflow Vulnerabilities

CA Vuln ID (CAID): 35515

CA Advisory Date: 2007-07-17

Reported By: Anonymous researcher working with the iDefense VCP

Impact: Remote attacker can cause a denial of service or execute arbitrary code.

Summary: Multiple CA products that utilize Alert service functionality contain multiple vulnerabilities. The vulnerabilities, CVE-2007-3825, are due to insufficient bounds checking on received data by certain RPC procedures. An attacker can exploit these buffer overflows to execute arbitrary code or cause service failure.

Mitigating Factors: None

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Severity: CA has given these vulnerabilities a High risk rating.

Affected Products:
CA Threat Manager for the Enterprise (formerly eTrust Integrated

   Threat Management) r8
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8 CA Protection Suites r3
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows BrightStor Enterprise Backup r10.5
BrightStor ARCserve Backup v9.01
BrightStor ARCserve Client agent for Windows

Affected Platforms:
Microsoft Windows

Status and Recommendation:
CA recommends that customers apply the update to address the vulnerabilities. The updated Alert service must be manually installed. For all affected products, apply QO89817. http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnotice.asp

How to determine if you are affected:
1. Using Windows Explorer, locate the file "alert.exe". By

   default, the file is located in the
   "C:\Program Files\CA\SharedComponents\Alert" directory.

2. Right click on the file and select Properties.
3. Select the Version tab.
4. If the "alert.exe" file version is less than 8.0.255.0, the 

   installation is vulnerable.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Workaround: None

References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
Security Notice for CA products running the Alert service http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnotice.asp Solution Document Reference APARs:
QO89817
CA Security Advisor posting:
CA Products Alert Service RPC Procedures Buffer Overflow Vulnerabilities
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149081 CA Vuln ID (CAID): 35515
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35515 Reported By: iDefense
iDefense Advisory:
Computer Associates Alert Notification Server Multiple Buffer Overflow Vulnerabilities
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=561 CVE References:
CVE-2007-3825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3825 OSVDB References: Pending
http://osvdb.org/

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form.
URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx

Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, 1 CA Plaza, Islandia, NY 11749         

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2007 CA. All rights reserved. Received on Thu Jul 19 14:26:31 2007