Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > March 2007 > CA BrightStor ARCserve Backup Tape Engine and Portmapper vulnerabilities

March 2007

CA BrightStor ARCserve Backup Tape Engine and Portmapper vulnerabilities

ID: 96
Ref: 038/2007
Date: 21 March 2007:11:04:12
Version: 1
Title: CA BrightStor ARCserve Backup Tape Engine and Portmapper vulnerabilities
Abstract: CA BrightStor ARCserve Backup contains four vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.
Vendors affected: CA
Applications affected: CA
Title: [CAID 34817, 35058, 35158, 35159]: CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerabilities

CA Vuln ID (CAID): 34817, 35058, 35158, 35159

CA Advisory Date: 2007-03-15

Reported By: McAfee

Impact: Remote attackers can cause a denial of service or potentially execute arbitrary code.

Summary: CA BrightStor ARCserve Backup contains four vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability, CVE-2006-6076, is due to insufficient bounds checking in the Tape Engine, which can result in a buffer overflow and arbitrary code execution. The second vulnerability, CVE-2007-0816, is related to how invalid parameters are handled by the portmapper (catirpc.dll) service. By sending a specially crafted request, a remote attacker can crash the service. The third vulnerability, CVE-2007-1447, is due to a memory corruption issue that occurs during processing of RPC procedure arguments by the Tape Engine. The vulnerability can result in a denial of service, and can potentially be exploited to execute arbitrary code. The fourth vulnerability, CVE-2007-1448, is due to the presence of an RPC function that, when called, will disable the Tape Engine interface. A remote attacker can make a request that will effectively shut down Tape Engine functionality.

Mitigating Factors: None

Severity: CA has given these vulnerabilities a High risk rating.

Affected Products:
BrightStor Products:
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup for Windows r11
BrightStor Enterprise Backup r10.5
BrightStor ARCserve Backup v9.01
CA Protection Suites r2:
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business
Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business
Server Premium Edition r2

Affected Platforms:
Windows

Status and Recommendation:
Customers using vulnerable versions of BrightStor ARCserve Backup should upgrade with the latest patches, which are available for download from http://supportconnect.ca.com.
BrightStor ARCserve Backup r11.5 - QO86255 BrightStor ARCserve Backup r11.1 - QO86258 BrightStor ARCserve Backup r11.0 - QI82917 BrightStor Enterprise Backup r10.5 - QO86259 BrightStor ARCserve Backup v9.01 - QO86260

How to determine if the installation is affected:
1. Using Windows Explorer, locate the files "tapeng.dll" and
"catirpc.dll". By default, the files are located in the
"C:\Program Files\CA\BrightStor ARCserve Backup" directory.
2. Right click on each of the files and select Properties.
3. Select the General tab.
4. If either file timestamp is earlier than what is indicated in
the table below, the installation is vulnerable.

File Name Timestamp File Size
catirpc.dll 02/12/2007 10:55:14 102400 bytes
tapeeng.dll 02/02/2007 17:05:00 876627 bytes

Workaround:
To reduce exposure, block unauthorized access to ports 6502 (TCP) and 111 (UDP).

References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
CA SupportConnect Security Notice for this vulnerability:
Security Notice for BrightStor ARCserve Backup Tape Engine and
Portmapper
http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp
Solution Document Reference APARs:
QO86255, QO86258, QI82917, QO86259, QO86260 CA Security Advisor posting:
CA BrightStor ARCserve Backup Tape Engine and Portmapper
Vulnerabilities
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317
CAID: 34817, 35058, 35158, 35159
CAID Advisory links:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34817
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35058
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35158
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35159
Reported By: McAfee
McAfee advisory:
http://www.mcafee.com/us/threat_center/security_advisories.html
CVE References: CVE-2006-6076, CVE-2007-0816, CVE-2007-1447,
CVE-2007-1448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1448
OSVDB Reference: OSVDB-32989, OSVDB-32990, OSVDB-32991,
OSVDB-30637
http://osvdb.org/32989
http://osvdb.org/32990
http://osvdb.org/32991
http://osvdb.org/30637

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability"
form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx


Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, One CA Plaza, Islandia, NY 11749

Contact http://www3.ca.com/contact/
Legal Notice http://www3.ca.com/legal/
Privacy Policy http://www3.ca.com/privacy/ Copyright (c) 2007 CA. All rights reserved.

_____________________________________________________________________________

CPNI values your feedback.

1. Which of the following most reflects the value of the advisory to you?
(Place an 'X' next to your choice)

Very useful:__ Useful:__ Not useful:__

2. If you did not find it useful, why not?


3. Any other comments? How could we improve our advisories?


Thank you for your contribution.
______________________________________________________________________________

CPNI wishes to acknowledge the contributions of CA for the information contained in this advisory.
______________________________________________________________________________
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |