|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Fri Mar 16 2007 - 07:17:05 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_vacancies/
Secunia is looking for new researchers with a reversing background
and experience in writing exploit code:
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
http://secunia.com/Disassembling_og_Reversing/
----------------------------------------------------------------------
TITLE:
CA BrightStor ARCserve Backup Vulnerabilities
SECUNIA ADVISORY ID:
SA24512
VERIFY ADVISORY:
http://secunia.com/advisories/24512/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
From local network
SOFTWARE:
BrightStor ARCserve Backup 11.x
http://secunia.com/product/312/
BrightStor ARCserve Backup 11.x (for Microsoft SQL Server)
http://secunia.com/product/8144/
BrightStor ARCserve Backup 11.x (for Windows)
http://secunia.com/product/3099/
BrightStor ARCserve Backup 9.x
http://secunia.com/product/313/
BrightStor Enterprise Backup 10.x
http://secunia.com/product/314/
DESCRIPTION:
Some vulnerabilities have been reported in BrightStor ARCserve
Backup, which can be exploited by malicious people to cause a DoS
(Denial of Service) or to potentially compromise a vulnerable
system.
1) An unspecified error within the handling of certain RPC request
arguments within the Tape Engine service can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
2) An insecure RPC function can be invoked that can cause the Tape
Engine service to shut down.
The vulnerabilities are reported in the following products:
* BrightStor ARCserve Backup r11.5
* BrightStor ARCserve Backup r11.1
* BrightStor ARCserve Backup r11 for Windows
* BrightStor Enterprise Backup r10.5
* BrightStor ARCserve Backup v9.01
* CA Server Protection Suite r2
* CA Business Protection Suite r2
* CA Business Protection Suite for Microsoft Small Business Server
Standard Edition r2
* CA Business Protection Suite for Microsoft Small Business Server
Premium Edition r2
SOLUTION:
Apply patches:
BrightStor ARCserve Backup r11.5 - QO86255:
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO86255
BrightStor ARCserve Backup r11.1 - QO86258:
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO86258
BrightStor ARCserve Backup r11.0 - QI82917:
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QI82917
BrightStor Enterprise Backup r10.5 - QO86259:
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO86259
BrightStor ARCserve Backup v9.01 - QO86260:
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO86260
PROVIDED AND/OR DISCOVERED BY:
The vendor credits McAfee.
ORIGINAL ADVISORY:
CA:
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]