Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Производитель ПО
Наименование ПО
BrightStor ARCserve Backup
(11.1, 11.1 build 3203)
Описание
Переполнение буфера в CA BrightStor ARCserve Backup, BrightStor ARCserve Backup for Windows, BrightStor Enterprise Backup, Server Protection Suite и Business Protection Suite позволяет злоумышленникам, действующим удаленно, выполнить произвольный код, используя специально сформированные данные, которые направляются на TCP-порт 6071 Backup Agent RPC Server (DBASVR.exe) с помощью RPC-процедур с кодом операции 0x01, 0x02 или 0x18; некорретные stub-данные, которые направляются на TCP-портt 6503 RPC-процедур с кодом операции 0x2b или 0x2d в ASCORE.dll в Message Engine RPC Server (msgeng.exe); длинное имя хоста, направляемое на TCP-порт 41523 в ASBRDCST.DLL в Discovery Service (casdscsvc.exe); или через некоторые векторы, связанные с Job Engine Service.
Как исправить
Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу:
http://www.ca.com/
http://www.ca.com/
Ссылки
http://www.tippingpoint.com/security/advisories/TSRT-06-11.html
http://www.zerodayinitiative.com/advisories/ZDI-06-030.html
http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp
BUGTRAQ (20061005 TSRT-06-11: CA Multiple Product DBASVR RPC Server Multiple Buffer Overflow Vulnerabilities): http://www.securityfocus.com/archive/1/archive/1/447862/100/100/threaded
BUGTRAQ (20061005 ZDI-06-031: CA Multiple Product Message Engine RPC Server Code Execution Vulnerability): http://www.securityfocus.com/archive/1/archive/1/447848/100/100/threaded
BUGTRAQ (20061006 [CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities): http://www.securityfocus.com/archive/1/archive/1/447839/100/100/threaded
http://www.zerodayinitiative.com/advisories/ZDI-06-031.html
BID (20365): http://www.securityfocus.com/bid/20365
FRSIRT (ADV-2006-3930): http://www.frsirt.com/english/advisories/2006/3930
SECTRACK (1017003): http://securitytracker.com/id?1017003
SECTRACK (1017004): http://securitytracker.com/id?1017004
SECTRACK (1017005): http://securitytracker.com/id?1017005
SECTRACK (1017006): http://securitytracker.com/id?1017006
XF (ca-dbasvr-rpc-bo(29364)): http://xforce.iss.net/xforce/xfdb/29364
BUGTRAQ (20061005 ZDI-06-030: CA Multiple Product Discovery Service Remote Buffer Overflow Vulnerability): http://www.securityfocus.com/archive/1/archive/1/447847/100/200/threaded
BUGTRAQ (20061007 LS-20060220 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability): http://www.securityfocus.com/archive/1/archive/1/447926/100/200/threaded
BUGTRAQ (20061007 LS-20060313 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability): http://www.securityfocus.com/archive/1/archive/1/447930/100/200/threaded
BUGTRAQ (20061007 LS-20060330 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability): http://www.securityfocus.com/archive/1/archive/1/447927/100/200/threaded
http://www.lssec.com/advisories/LS-20060220.pdf
http://www.lssec.com/advisories/LS-20060313.pdf
http://www.lssec.com/advisories/LS-20060330.pdf
http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744
http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693
CERT-VN (VU#361792): http://www.kb.cert.org/vuls/id/361792
CERT-VN (VU#860048): http://www.kb.cert.org/vuls/id/860048
http://www.zerodayinitiative.com/advisories/ZDI-06-030.html
http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp
BUGTRAQ (20061005 TSRT-06-11: CA Multiple Product DBASVR RPC Server Multiple Buffer Overflow Vulnerabilities): http://www.securityfocus.com/archive/1/archive/1/447862/100/100/threaded
BUGTRAQ (20061005 ZDI-06-031: CA Multiple Product Message Engine RPC Server Code Execution Vulnerability): http://www.securityfocus.com/archive/1/archive/1/447848/100/100/threaded
BUGTRAQ (20061006 [CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities): http://www.securityfocus.com/archive/1/archive/1/447839/100/100/threaded
http://www.zerodayinitiative.com/advisories/ZDI-06-031.html
BID (20365): http://www.securityfocus.com/bid/20365
FRSIRT (ADV-2006-3930): http://www.frsirt.com/english/advisories/2006/3930
SECTRACK (1017003): http://securitytracker.com/id?1017003
SECTRACK (1017004): http://securitytracker.com/id?1017004
SECTRACK (1017005): http://securitytracker.com/id?1017005
SECTRACK (1017006): http://securitytracker.com/id?1017006
XF (ca-dbasvr-rpc-bo(29364)): http://xforce.iss.net/xforce/xfdb/29364
BUGTRAQ (20061005 ZDI-06-030: CA Multiple Product Discovery Service Remote Buffer Overflow Vulnerability): http://www.securityfocus.com/archive/1/archive/1/447847/100/200/threaded
BUGTRAQ (20061007 LS-20060220 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability): http://www.securityfocus.com/archive/1/archive/1/447926/100/200/threaded
BUGTRAQ (20061007 LS-20060313 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability): http://www.securityfocus.com/archive/1/archive/1/447930/100/200/threaded
BUGTRAQ (20061007 LS-20060330 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability): http://www.securityfocus.com/archive/1/archive/1/447927/100/200/threaded
http://www.lssec.com/advisories/LS-20060220.pdf
http://www.lssec.com/advisories/LS-20060313.pdf
http://www.lssec.com/advisories/LS-20060330.pdf
http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744
http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693
CERT-VN (VU#361792): http://www.kb.cert.org/vuls/id/361792
CERT-VN (VU#860048): http://www.kb.cert.org/vuls/id/860048