=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2007/VULN492
_____________________________________________________________________

DATE                      : 10/12/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running BrightStor ARCserve Backup.

======================================================================
http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp
______________________________________________________________________

BrightStor ARCserve Backup Security Notice

Issued: October 10, 2007
Last Updated: December 06, 2007

Note: Updated patches are available. The original patches did not fully
address some issues.

CA's technical support is alerting customers to security risks
associated with BrightStor ARCserve Backup. Multiple vulnerabilities
exist that can allow  a remote attacker to cause a denial of service,
execute arbitrary code, or take privileged action. CA has issued patches
to address the vulnerabilities.

The first set of vulnerabilities, CVE-2007-5325, CVE-2007-5326, and
CVE-2007-5327, occur due to insufficient bounds checking by multiple
components.

The second vulnerability, CVE-2007-5328, occurs due to privileged
functions being available for use without proper authorization.

The third set of vulnerabilities, CVE-2007-5329, CVE-2007-5330,
CVE-2007-5331, and CVE-2007-5332, are due to a memory corruption
occurring with the processing of RPC procedure arguments by multiple
services. The vulnerabilities allow an attacker to cause a denial of
service, or potentially to execute arbitrary code.


Risk Rating

High


Affected Products

BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows
BrightStor Enterprise Backup r10.5
BrightStor ARCserve Backup v9.01
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server
   Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server
   Premium Edition r2


How to determine if the installation is affected

    1. Using Windows Explorer, locate the file "asdbapi.dll". By default,
       the file is located in the "C:\Program Files\CA\BrightStor 
ARCserve
       Backup" directory.

    2. Right click on the file and select Properties.

    3. Select the General tab.

    4. If the file timestamp is earlier than indicated in the below
       table, the installation is vulnerable.


       Product Version 	File Name 	Timestamp 	File Size
       11.5 	asdbapi.dll 	10/24/2007 08:43:08 	1249354 bytes
       11.1 	asdbapi.dll 	10/19/2007 17:56:00 	856064 bytes
       9.01 	asdbapi.dll 	10/19/2007 18:02:22 	700416 bytes


       * For Protection Suites r2, follow instructions for BrightStor
         ARCserve Backup r11.5


Solution

CA has issued the following patches to address the vulnerabilities.

BrightStor ARCserve Backup r11.5 - QO92996
BrightStor ARCserve Backup r11.1, - QO92849
BrightStor ARCserve Backup r11.0 - Upgrade to 11.1 and apply the latest
    patches.
BrightStor Enterprise Backup r10.5 - Upgrade to 11.5 and apply the
latest patches.
BrightStor ARCserve Backup v9.01 - QO92848
CA Protection Suites r2: QO92996


Workaround

None


References

CVE-2007-5325 - Message Engine and AScore.dll buffer overflows
CVE-2007-5326 - RPC and rpcx.dll buffer overflows
CVE-2007-5327 - Message Engine buffer overflows
CVE-2007-5328 - Privileged function exposure
CVE-2007-5329 - dbasvr memory corruption
CVE-2007-5330 - RPC service memory corruption
CVE-2007-5331 - lqserver and media server memory corruption
CVE-2007-5332 - mediasvr and caloggerd memory corruption


Acknowledgement

CVE-2007-5325 - An anonymous researcher working with the iDefense VCP
CVE-2007-5326 - Dyon Balding of Secunia Research
CVE-2007-5327 - cocoruder of Fortinet Security Research Team
CVE-2007-5328 - Tenable Network Security
CVE-2007-5329 - Pedram Amini of DV Labs (dvlabs.tippingpoint.com)
CVE-2007-5330 - Dyon Balding of Secunia Research
CVE-2007-5331 - eEye Digital Security
CVE-2007-5332 - shirkdog

Special thanks to Dyon Balding of Secunia and to Fortinet for reporting
issues with the original patches.


Change History

Version 1.0: Initial Release
Version 1.1: Provided updated patch information, modified file
information in "How to determine if the installation is affected"
section.

If additional information is required, please contact CA Technical
Support at http://supportconnect.ca.com.

If you discover a vulnerability in CA products, please report your
findings to  vuln AT ca DOT com, or utilize our "Submit a Vulnerability"
form at http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx.

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================