Title: CA Alert Notification Server Multiple Vulnerabilities CA Advisory Date: 2008-04-03 Reported By: An anonymous researcher working with the iDefense VCP Impact: A remote authenticated attacker can execute arbitrary code or cause a denial of service condition. Summary: CA Alert Notification Server service contains multiple vulnerabilities that can allow a remote authenticated attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities. The vulnerabilities, CVE-2007-4620, are due to insufficient bounds checking in multiple procedures. A remote authenticated attacker or local user can exploit a buffer overflow to execute arbitrary code or cause a denial of service. Mitigating Factors: Remote attacker must have legitimate authentication credentials. Severity: CA has given these vulnerabilities a maximum risk rating of High. Affected Products: CA Anti-Virus for the Enterprise 7.1 CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8 CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8.1 CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8 CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1 BrightStor ARCserve Backup r11.5 BrightStor ARCserve Backup r11.1 BrightStor ARCserve Backup r11 for Windows Affected Platforms: Windows Status and Recommendation: CA has provided updates to address the vulnerabilities. CA Anti-Virus for the Enterprise 7.1, CA Anti-Virus for the Enterprise r8: QO96079 CA Threat Manager for the Enterprise r8: QO96387 CA Anti-Virus for the Enterprise r8.1, CA Threat Manager for the Enterprise r8.1: QO96080 BrightStor ARCserve Backup r11.5, BrightStor ARCserve Backup r11.1: QO96079 BrightStor ARCserve Backup r11.0: Upgrade to 11.1 and apply the latest patches. How to determine if you are affected: For products on Windows: 1. Using Windows Explorer, locate the file "alert.exe". By default, the file is located in the "C:\Program Files\CA\SharedComponents\Alert" directory. 2. Right click on the file and select Properties. 3. Select the Version tab. 4. If the file version is earlier than indicated in the below table, the installation is vulnerable. Product File Version CA Anti-Virus for the Enterprise r8.1 Alert.exe 8.1.586.0 CA Threat Manager for the Enterprise 8.1 Alert.exe 8.1.586.0 CA Threat Manager for the Enterprise r8 Alert.exe 8.0.450.0 CA Anti-Virus for the Enterprise 7.1 Alert.exe 7.1.758.0 CA Anti-Virus for the Enterprise r8 Alert.exe 7.1.758.0 BrightStor ARCserve Backup r11.5 Alert.exe 7.1.758.0 BrightStor ARCserve Backup r11.1 Alert.exe 7.1.758.0 Workaround: None References (URLs may wrap): CA Support: http://support.ca.com/ Security Notice for Alert Notification Server https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1731 03 Solution Document Reference APARs: QO96079, QO96387, QO96080, QO96079 CA Security Response Blog posting: CA Alert Notification Server Multiple Vulnerabilities http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ ca-alert-notification-server-multiple-vulnerabilities.aspx Reported By: An anonymous researcher working with the iDefense VCP CVE References: CVE-2007-4620 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4620 OSVDB References: Pending http://osvdb.org/ Changelog for this advisory: v1.0 - Initial Release Customers who require additional information should contact CA Technical Support at http://support.ca.com. For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com. If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research CA, 1 CA Plaza, Islandia, NY 11749 Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2008 CA. All rights reserved.