---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: CA Products Multiple Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA22285 VERIFY ADVISORY: http://secunia.com/advisories/22285/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network SOFTWARE: CA Server Protection Suite r2 http://secunia.com/product/6873/ CA Business Protection Suite r2 http://secunia.com/product/6874/ CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 http://secunia.com/product/6876/ CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2 http://secunia.com/product/6875/ BrightStor Enterprise Backup 10.x http://secunia.com/product/314/ BrightStor ARCserve Backup 9.x http://secunia.com/product/313/ BrightStor ARCserve Backup 11.x (for Windows) http://secunia.com/product/3099/ BrightStor ARCserve Backup 11.x http://secunia.com/product/312/ DESCRIPTION: Some vulnerabilities have been reported in various CA products, which can be exploited by malicious people to compromise a vulnerable system. 1) Some boundary errors exist within RPC routines in the Backup Agent RPC Server (DBASRV.exe), which can be exploited to cause stack-based buffer overflows and allow arbitrary code execution. 2) A boundary error exists in ASBRDCST.DLL when processing Discovery Service communication. This can be exploited to cause a stack-based buffer overflow and allows execution of arbitrary code. 3) Two boundary errors exist within RPC routines in ASCORE.dll, used by the Message Engine RPC Server. These can be exploited to cause a heap-based buffer overflow and a stack-based buffer overflow by passing an overly long string as the second parameter, and allow arbitrary code execution. The following products for the Windows platform are affected: * BrightStor ARCserve Backup r11.5 SP1 and below (SP2 is not affected) * BrightStor ARCserve Backup r11.1 * BrightStor ARCserve Backup for Windows r11 * BrightStor Enterprise Backup 10.5 * BrightStor ARCserve Backup v9.01 * CA Server Protection Suite r2 * CA Business Protection Suite r2 * CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 * CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2 SOLUTION: Update to the latest version. http://supportconnect.ca.com PROVIDED AND/OR DISCOVERED BY: 1) Pedram Amini, TippingPoint Security Research Team 2,3) livesploit.com ORIGINAL ADVISORY: 1) TippingPoint: http://www.tippingpoint.com/security/advisories/TSRT-06-11.html 2,3) Zero Day Initiative: http://www.zerodayinitiative.com/advisories/ZDI-06-030.html http://www.zerodayinitiative.com/advisories/ZDI-06-031.html CA: http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------