Title: Computer Associates BrightStor ARCserve/Enterprise Backup Agents buffer overflow vulnerability

CA Vulnerability ID: 33239

Discovery Date: 2005-04-25

Disclosure Date: 2005-08-02

Discovered By: iDEFENSE

Impact: A remote attacker can execute arbitrary code with SYSTEM privileges.

Summary: Computer Associates BrightStor ARCserve Backup and BrightStor Enterprise Backup Agents for Windows contain a stack-based buffer overflow vulnerability. The vulnerability may allow remote attackers to execute arbitrary code with SYSTEM privileges, or cause a denial of service condition. The buffer overflow is the result of improper bounds checking performed on data sent to port 6070.

Severity: Computer Associates has given this vulnerability a High risk rating.

Affected Technologies: This vulnerability exists in the following BrightStor ARCserve Backup and BrightStor Enterprise Backup application agents:

BrightStor ARCserve Backup r11.1:
- BrightStor ARCserve Backup r11.1 Agent for SQL for Windows
- BrightStor ARCserve Backup r11.1 Agent for Oracle for Windows
- BrightStor ARCserve Backup r11.1 Agent for SAP R/3 for Windows
- BrightStor ARCserve Backup r11.1 Agent for Microsoft Exchange Premium Add-on for Windows

BrightStor ARCserve Backup r11.0:
- BrightStor ARCserve Backup Release 11 Agent for SQL for Windows
- BrightStor ARCserve Backup Release 11 Agent for Oracle for Windows
- BrightStor ARCserve Backup Release 11 Agent for SAP R/3 for Windows
- BrightStor ARCserve Backup Release 11 Agent for Microsoft Exchange Premium Add-on for Windows

BrightStor ARCserve Backup v9.01
- BrightStor ARCserve Backup Version 9 Agent for SQL for Windows
- BrightStor ARCserve Backup Version 9 Agent for Oracle for Windows
- BrightStor ARCserve Backup Version 9 Agent for SAP R/3 for Windows

BrightStor Enterprise Backup 10.5
- BrightStor Enterprise Backup v10.5 Agent for SQL for Windows
- BrightStor Enterprise Backup v10.5 Agent for Oracle for Windows
- BrightStor Enterprise Backup v10.5 Serverless Backup Agent for Oracle for Windows
- BrightStor Enterprise Backup v10.5 Agent for Oracle for EMC Timefinder for Windows
- BrightStor Enterprise Backup v10.5 Agent for SAP R/3 for NT/2000

BrightStor Enterprise Backup 10
- BrightStor Enterprise Backup Agent for SQL for Windows
- BrightStor Enterprise Backup Agent for Oracle for Windows
- BrightStor Enterprise Backup Agent for SAP R/3 for Oracle and SQL on Windows
- BrightStor Enterprise Backup Agent for Oracle for EMC Timefinder for Windows
- BrightStor Enterprise Backup Serverless Backup Agent for Oracle for Windows

Status: Security updates that completely remediate this vulnerability issue are available for all affected products.

Recommendation (note that URLs may wrap): Apply the appropriate security update(s).

BrightStor ARCserve Backup r11.1 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70767&startsearch=1

BrightStor ARCserve Backup r11.0 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70769&startsearch=1

BrightStor ARCserve Backup v9.01 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70770&startsearch=1

BrightStor Enterprise Backup v10.5 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70774&startsearch=1

BrightStor Enterprise Backup v10.0 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70773&startsearch=1

CVE Reference: Pending

OSVDB Reference: Pending

Advisory URLs (note that URLs may wrap):

CA Security Advisor site
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33239

E-News: BrightStor Storage Newsletter v05.11 August 2nd, 2005
http://supportconnectw.ca.com/public/enews/BrightStor/brig080205.asp

Should you require additional information, please contact CA Technical Support at http://supportconnect.ca.com.

Respectfully,
Ken Williams ; Dir. Vuln Research
Computer Associates ; 0xE2941985

Computer Associates International, Inc.
(CA). One Computer Associates Plaza. Islandia, NY 11749
Copyright 2005 Computer Associates International, Inc. All rights reserved