TITLE:
CA ARCserve Backup Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA32220

VERIFY ADVISORY:
http://secunia.com/advisories/32220/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From local network

SOFTWARE:
CA Server Protection Suite r2
http://secunia.com/advisories/product/6873/
CA ARCserve Backup 12.x
http://secunia.com/advisories/product/18471/
BrightStor ARCserve Backup 11.x (for Windows)
http://secunia.com/advisories/product/3099/

DESCRIPTION:
Some vulnerabilities have been reported in CA ARCserve Backup, which
can be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a vulnerable system.

1) An input validation error exists in the message engine service
when processing RPC call parameters. This can be exploited to execute
arbitrary commands via directory traversal attacks.

2) An unspecified error in the tape engine service can be exploited
to cause a crash via a specially crafted request.

3) An unspecified error in the database engine service can be
exploited to cause a crash via a specially crafted request.

4) An unspecified error while validating authentication credentials
can be exploited to crash multiple services.

The vulnerabilities affect the following products:
* CA ARCserve Backup r12.0 Windows
* CA ARCserve Backup r11.5 (formerly BrightStor ARCserve Backup
r11.5) Windows
* CA ARCserve Backup r11.1 (formerly BrightStor ARCserve Backup
r11.1) Windows
* CA Server Protection Suite r2
* CA Business Protection Suite r2
* CA Business Protection Suite for Microsoft Small Business Server
Standard Edition r2
* CA Business Protection Suite for Microsoft Small Business Server
Premium Edition r2

SOLUTION:
Apply patches.
Please see the vendor's advisory for more information.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Haifei Li of Fortinet's FortiGuard Global Security Research Team
2, 3) the Vulnerability Research Team of Assurent Secure Technologies
4) Greg Linares of eEye Digital Security

ORIGINAL ADVISORY:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143