> CA ARCserve Backup vuln - updates available
AplusWebMaster
post Nov 21 2006, 07:33 PM
Post #1


AplusWebMaster
*****

Group: Authentic Member
Posts: 3,667
Joined: 30-December 03
From: USA
Member No.: 1,643
Operating System: WinXP



FYI...

- http://isc.sans.org/diary.php?storyid=1876
Last Updated: 2006-11-22 00:34:25 UTC
"A new remote code execution vulnerability on ARCServe Backup version 11.5 has been released today. The vulnerability exploits the handling of RPC requests on port 6502. Proof of concept code has been released to the public at this point..."

> http://secunia.com/advisories/22285/
...Solution:
Update to the latest version. Apply additional fixes to correct previously incomplete patches.
http://supportconnect.ca.com

> Other References:
US-CERT:
http://www.kb.cert.org/vuls/id/361792
1-Nov-2006
-and-
http://www.kb.cert.org/vuls/id/860048
2-Nov-2006

> http://supportconnectw.ca.com/public/stora...r-secnotice.asp
-and-
http://www3.ca.com/securityadvisor/blogs/p...mp;date=2006/10

This post has been edited by AplusWebMaster: Mar 19 2007, 02:12 PM
AplusWebMaster
post Nov 22 2006, 06:01 AM
Post #2


FYI...

- http://secunia.com/advisories/23060/
Release Date: 2006-11-22
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Unpatched
Software: BrightStor ARCserve Backup 11.x, BrightStor ARCserve Backup 11.x (for Microsoft SQL Server),
BrightStor ARCserve Backup 11.x (for Windows)
...The vulnerability is reported in version 11.5. Other versions may also be affected.
Solution: The vendor is reportedly working on a solution.
Original Advisory:
http://lists.grok.org.uk/pipermail/full-di...ber/050808.html ..."

- http://www.us-cert.gov/current/#CADOS
Updated: 11/22/2006
"...Until an official update, patch, or more information becomes available, US-CERT recommends the following action to help mitigate the security risks:
* Block port 6502/tcp at the firewall ..."

This post has been edited by AplusWebMaster: Nov 24 2006, 01:10 PM
AplusWebMaster
post Mar 16 2007, 12:52 PM
Post #3


FYI...

- http://www.us-cert.gov/current/#caupdate
March 16, 2007 ~ "Computer Associates has released updates to address four vulnerabilities in their BrightStor ARCserve Backup product. The most severe of these vulnerabilities may allow an unauthenticated attacker to execute arbitrary code or create a denial of service condition. More information about these vulnerabilities can be found in the Security Notice* for BrightStor ARCserve Backup Tape Engine and Portmapper..."

> http://secunia.com/advisories/24512/

* http://www3.ca.com/securityadvisor/newsinf...aspx?cid=101317

AplusWebMaster
post Mar 30 2007, 09:00 PM
Post #4


FYI...

> http://www.us-cert.gov/current/#cabsrpc
added March 30, 2007
"US-CERT is aware of publicly available exploit code for vulnerability in Computer Associates' BrightStor ARCserve Backup software. The vulnerability is caused by an unspecified error in the way that the "mediasvr.exe" process handles crafted RPC requests. Successful exploitation of the vulnerability allows an attacker to gain shell access to the target machine. Until a fix becomes available, US-CERT recommends that users restrict access to RPC..."

> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1785

- http://www3.ca.com/securityadvisor/newsinf...aspx?cid=101947
"CA is aware that functional exploit code was publicized on March 30, 2007 for a CA BrightStor ARCserve Backup Mediasvr.exe vulnerability. We have verified that a high risk vulnerability does exist and we are now working on a patch to address the issue. CA recommends that BrightStor ARCserve Backup users implement the following temporary workaround to mitigate the vulnerability:
1) Rename the "mediasvr.exe" file to a non-functional file name, such as "mediasvc.exe.disable".
2) Then restart the CA BrightStor Tape Engine service.
This will disable the command line functionality in the product (i.e. command line utilities such as ca_backup, ca_restore, ca_merge, ca_qmgr, ca_scan, etc will not work). After we have completed our analysis of the issue, we will post an update and patches on the CA SupportConnect website..."

This post has been edited by AplusWebMaster: Apr 2 2007, 01:39 PM
AplusWebMaster
post Apr 25 2007, 10:08 AM
Post #5


FYI...

CA BrightStor ARCserve Backup Media Svr vuln - updates available
- http://secunia.com/advisories/24972/ -and- http://secunia.com/advisories/24682
Release Date: 2007-04-25
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch...
Description: Some vulnerabilities have been reported in BrightStor ARCserve Backup, which can be exploited by malicious people to compromise a vulnerable system...
Solution: Apply patches...
Original Advisory: CA:
http://supportconnectw.ca.com/public/stora...r-secnotice.asp
April 24, 2007

AplusWebMaster
post Jul 18 2007, 07:00 AM
Post #6


FYI...

- http://secunia.com/advisories/26088/
Release Date: 2007-07-18
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
...Successful exploitation allows execution of arbitrary code, but requires valid user credentials on Windows XP and newer systems.
The vulnerabilities affect the following products:
* CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8
* CA Protection Suites r3
* BrightStor ARCserve Backup r11.5
* BrightStor ARCserve Backup r11.1
* BrightStor ARCserve Backup r11 for Windows
* BrightStor Enterprise Backup r10.5
* BrightStor ARCserve Backup v9.01
* BrightStor ARCserve Client agent for Windows
Solution: Apply update QO89817.
http://supportconnect.ca.com/sc/redir.jsp?...earchID=QO89817
Original Advisory:
CA: http://supportconnectw.ca.com/public/antiv...s-secnotice.asp ..."

AplusWebMaster
post Sep 24 2007, 04:16 AM
Post #7


FYI...

- http://secunia.com/advisories/25606/
Release Date: 2007-06-11
Last Update: 2007-09-24
Critical: Moderately critical
Impact: Security Bypass, Manipulation of data, System access
Where: From local network
Solution Status: Vendor Patch
Software: CA ARCserve Backup for Laptops & Desktops 11.x
CA ARCserve Backup for Laptops & Desktops 4.x
CA Desktop Management Suite 11.x
CA Protection Suites 2.x...
Original Advisory: CA:
- http://supportconnectw.ca.com/public/sams/...uritynotice.asp
September 21, 2007

AplusWebMaster
post Oct 11 2007, 05:49 AM
Post #8


FYI...

CA BrightStor ARCServe Backup Multiple Vulns
- http://secunia.com/advisories/27192/
Release Date: 2007-10-11
Critical: Moderately critical
Impact: Security Bypass, DoS, System access
Where: From remote ...
Solution: Apply updates...
Original Advisory: CA:
- http://supportconnectw.ca.com/public/stora...b-secnotice.asp
Last Updated: October 11, 2007
Risk Rating: High
Affected Products:
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows
BrightStor Enterprise Backup r10.5
BrightStor ARCserve Backup v9.01
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2 ...

AplusWebMaster
post Apr 2 2008, 09:17 AM
Post #9


FYI...

CA BrightStor ARCserve Backup vuln - update available
- http://secunia.com/advisories/29408
Last Update: 2008-03-28
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch ...
Solution: Apply updates. Please see vendor advisory for details.
Original Advisory: CA:
https://support.ca.com/irj/portal/anonymous...Ctr_secnot.html

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1472

AplusWebMaster
post May 21 2008, 10:58 AM
Post #10


FYI...

- http://secunia.com/advisories/30300/
Release Date: 2008-05-20
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
Software: BrightStor ARCserve Backup 11.x, BrightStor ARCserve Backup 11.x (for Windows),
CA Server Protection Suite r2
Solution: Apply patches. Please see the vendor's advisory for more information...
Patch Information
- https://support.ca.com/irj/portal/anonymous...ontentID=176798

26 Related Secunia Security Advisories, displaying 10
1. CA Products Alert Notification Server Multiple Vulnerabilities
2. CA Products Ingres User Authentication Security Issue
3. CA BrightStor ARCServe Backup Multiple Vulnerabilities
4. CA Products CHM and RAR File Processing Denial of Service Vulnerabilities
5. CA Products Alert Notification Server Multiple Buffer Overflows
6. CA Products Ingres Database Vulnerabilities
7. CA Anti-Virus Engine CAB Archive Processing Buffer Overflows
8. CA BrightStor ARCserve Backup Two Denial of Service Vulnerabilities
9. CA BrightStor ARCserve Backup Media Server Multiple Buffer Overflows
10. CA BrightStor ARCserve Backup MEDIASVR.EXE RPC Request Code Execution...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2242

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2241
Last revised: 5/21/2008
CVSS v2 Base score: 10.0 (High)...

AplusWebMaster
post Aug 4 2008, 09:55 AM
Post #11


FYI...

- http://secunia.com/advisories/31319/
Release Date: 2008-08-01
Critical: Moderately critical
Impact: DoS, System access
Where: From local network
Solution Status: Vendor Patch
Software: CA ARCserve Backup for Laptops & Desktops 11.x...
Solution: Apply updates... (multiple links at Secunia URL above and CA URL below.)
Original Advisory: CA:
https://support.ca.com/irj/portal/anonymous...ontentID=181721 ...
Issued: July 31, 2008
Risk Rating: High

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3175
Last revised: 8/4/2008
CVSS v2 Base score: 10.0 (High)

This post has been edited by AplusWebMaster: Aug 4 2008, 09:57 AM