Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA23648] CA BrightStor ARCserve Backup Multiple Vulnerabilities



> 
> ----------------------------------------------------------------------
> 
> TITLE:
> CA BrightStor ARCserve Backup Multiple Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA23648
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/23648/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From local network
> 
> SOFTWARE:
> BrightStor Enterprise Backup 10.x
> http://secunia.com/product/314/
> BrightStor ARCserve Backup 9.x
> http://secunia.com/product/313/
> BrightStor ARCserve Backup 11.x (for Windows)
> http://secunia.com/product/3099/
> BrightStor ARCserve Backup 11.x (for Microsoft SQL Server)
> http://secunia.com/product/8144/
> BrightStor ARCserve Backup 11.x
> http://secunia.com/product/312/
> 
> DESCRIPTION:
> Several vulnerabilities have been reported in BrightStor ARCserve
> Backup, which can be exploited by malicious people to compromise a
> vulnerable system.
> 
> 1) An error in the handling of opnum 0xBF RPC requests within the
> Tape Engine service can be exploited to execute arbitrary code via a
> specially crafted RPC request sent to the service (default port
> 6502/TCP).
> 
> 2) A boundary error in the handling of opnum 0x2F and opnum 0x75 RPC
> requests within the Message Engine RPC service can be exploited to
> cause a buffer overflow via a specially crafted RPC request sent to
> the service (default ports 6503/TCP and 6504/TCP).
> 
> 3) A boundary error in the handling of opnum 0xCF RPC requests to the
> Tape Engine RPC service can be exploited to cause a buffer overflow
> via a specially crafted RPC request sent to the service (default port
> 6503/TCP).
> 
> 4) Two boundary errors in the handling of RPC requests within the
> Mediasrv.exe service can be exploited to cause a stack-based buffer
> overflow via a specially crafted RPC request sent to the service.
> 
> 5) A boundary error within ASCORE.dll when handling opnum 0x2F RPC
> requests within the Message Engine RPC service can be exploited to
> cause a stack-based buffer overflow via a specially crafted RPC
> request sent to the service (default ports 6503/TCP and 6504/TCP).
> 
> Successful exploitation of the vulnerabilities allows execution of
> arbitrary code.
> 
> SOLUTION:
> Apply fixes:
> 
> BrightStor Enterprise Backup r10.5:
> https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84986
> 
> BrightStor ARCserve Backup v9.01:
> https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84985
> 
> BrightStor ARCserve Backup r11.5:
> https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84983
> 
> BrightStor ARCserve Backup r11.1:
> https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84984
> 
> BrightStor ARCserve Backup r11.0:
> https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QI82917
> 
> PROVIDED AND/OR DISCOVERED BY:
> 1) Discovered by LSsecurity and reported via ZDI.
> 2-3) Discovered by Tenable Network Security and reported via ZDI.
> 4) Paul Mehta, IBM Internet Security Systems X-Force
> 5) Discovered by an anonymous person and reported via iDefense Labs.
> 
> ORIGINAL ADVISORY:
> CA:
> http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp
> 
> LSsecurity:
> http://livesploit.com/advisories/LS-20061002.pdf
> 
> ZDI:
> http://www.zerodayinitiative.com/advisories/ZDI-07-002.html
> http://www.zerodayinitiative.com/advisories/ZDI-07-003.html
> http://www.zerodayinitiative.com/advisories/ZDI-07-004.html
> 
> IBM ISS:
> http://www.iss.net/threats/252.html
> http://www.iss.net/threats/253.html
> 
> iDefense Labs:
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=467
> 
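
An added example, not part of the forwarded advisory or of CA's or Secunia's material: an audit helper that reads `netstat -ano` output from a backup server and lists listeners on the advisory's default ports (6502, 6503 and 6504/TCP) bound to a non-loopback address, together with the advisory items that name each port. The sample output is constructed, English-language netstat output is assumed, and `exposed_listeners` is a hypothetical name.

```python
import ipaddress
import re

# Default TCP ports named in the advisory -> numbered items that mention them.
# Item 4 (Mediasrv.exe) gives no port, so it cannot be mapped here.
ADVISORY_PORTS = {
    6502: ["1: Tape Engine, opnum 0xBF"],
    6503: ["2: Message Engine, opnum 0x2F/0x75",
           "3: Tape Engine, opnum 0xCF",
           "5: ASCORE.dll, opnum 0x2F"],
    6504: ["2: Message Engine, opnum 0x2F/0x75",
           "5: ASCORE.dll, opnum 0x2F"],
}

# One LISTENING row of `netstat -ano`: proto, local addr:port, foreign, state, PID.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def exposed_listeners(netstat_text):
    """Return (address, port, pid, items) for each advisory port that is
    listening on a non-loopback address in `netstat -ano` output."""
    findings = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        if port not in ADVISORY_PORTS:
            continue
        # Strip IPv6 brackets and any %zone suffix before classifying.
        ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])
        if ip.is_loopback:
            continue  # reachable only from the host itself
        findings.append((addr, port, pid, ADVISORY_PORTS[port]))
    return findings

# Constructed sample of `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:6502           0.0.0.0:0              LISTENING       1432
  TCP    127.0.0.1:6503         0.0.0.0:0              LISTENING       1508
  TCP    10.0.5.20:6504         0.0.0.0:0              LISTENING       1508
  TCP    [::]:6503              [::]:0                 LISTENING       1508
  TCP    10.0.5.20:6502         10.0.5.77:49213        ESTABLISHED     1432
"""

if __name__ == "__main__":
    for addr, port, pid, items in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{addr}:{port} pid={pid} -> advisory items {'; '.join(items)}")
```

A listener reported here is a candidate for the fixes listed under SOLUTION and for restricting access to the backup network; an empty result does not cover item 4, for which the advisory names no port.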



 




Copyright © Lexa Software, 1996-2009.