-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Title: [CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities

CA Vuln ID (CAID): 34993

CA Advisory Date: 2007-01-23

Discovered By: Next Generation Security Software

Impact: Remote attacker can cause a denial of service or execute arbitrary code.

Summary: CA BrightStor ARCserve Backup for Laptops and Desktops contains multiple overflow conditions that can allow a remote attacker to cause a denial of service, or execute arbitrary code with local SYSTEM privileges on Windows.

Mitigating Factors: None.

Severity: CA has given these vulnerability issues a High risk rating.

Affected Products:

BrightStor Products:
BrightStor ARCserve Backup for Laptops and Desktops r11.1 SP1
BrightStor ARCserve Backup for Laptops and Desktops r11.1
BrightStor ARCserve Backup for Laptops and Desktops r11.0
BrightStor Mobile Backup r4.0

CA Protection Suites r2:
CA Desktop Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

CA Desktop Management Suite:
DMS r11.0
DMS r11.1

Affected platforms: Microsoft Windows

Status and Recommendation: Customers with vulnerable versions of the BrightStor ARCserve Backup Laptops & Desktops product should upgrade to the latest versions, which are available for download from http://supportconnect.ca.com.

BABLD r11.1 SP2 – SP2 does not contain the vulnerability, so there is no fix to apply.
BABLD r11.1 SP1 - QO83833
BABLD r11.0 - QI85497
DMS r11.1 - QO85401
DMS r11.0 - QI85423
BMB r4.0 - QO85402

Determining if you are affected: Refer to the appropriate APAR for details.

References (URLs may wrap):

CA SupportConnect:
http://supportconnect.ca.com/

CA SupportConnect Security Notice for this vulnerability:
Important Security Notice for BrightStor ARCserve Backup for Laptops & Desktops
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp

Solution Document Reference APARs:
QO83833, QI85497, QO85401, QI85423, QO85402

CA Security Advisor posting:
CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97696

CAID: 34993
CAID Advisory link:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34993

Discoverer: Next Generation Security Software
Next Generation Security Software advisories:
http://www.ngssoftware.com/

CVE Reference: CVE-2007-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0449

OSVDB Reference: OSVDB ID: 31593
http://osvdb.org/31593

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please send email to vuln@ca.com.

If you discover a vulnerability in CA products, please report your findings to vuln@ca.com, or utilize our "Submit a Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx

Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, One CA Plaza, Islandia, NY 11749

Contact http://www3.ca.com/contact/
Legal Notice http://www3.ca.com/legal/
Privacy Policy http://www3.ca.com/privacy/
Copyright (c) 2007 CA. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBRbeBG3klkd/ilBmFEQL12wCbBUR46GYTAOS1OUk1ZXfUpGhofnwAoI0m
pFdFNE2I0ibQgd4Y42JFxGVw
=RShv
-----END PGP SIGNATURE-----