Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21017
HistoryDec 14, 2008 - 12:00 a.m.

CA ARCserve Backup LDBserver Vulnerability

2008-12-1400:00:00
vulners.com
11
JSON

Title: CA ARCserve Backup LDBserver Vulnerability

CA Advisory Date: 2008-12-10

Reported By:
Dyon Balding of Secunia Research

Impact: A remote attacker can cause a denial of service or execute
arbitrary code.

Summary: CA ARCserve Backup contains a vulnerability that can
allow a remote attacker to cause a denial of service or execute
arbitrary code. CA has issued patches to address the
vulnerability. The vulnerability, CVE-2008-5415, is due to
insufficient verification of client data. A remote attacker can
crash the LDBserver service or execute arbitrary code in the
context of the service. Note: The client installation is not
affected.

Mitigating Factors: The client installation is not affected.

Severity: CA has given this vulnerability a High risk rating.

Affected Products:
CA ARCserve Backup r12.0 Windows
CA ARCserve Backup r11.5 Windows*
CA ARCserve Backup r11.1 Windows*
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server
Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server
Premium Edition r2

*Formerly known as BrightStor ARCserve Backup.

Non-Affected Products
CA ARCserve Backup r12.0 Windows SP1

Affected Platforms:
Windows

Status and Recommendation:
CA has issued the following patches to address the vulnerability.

CA ARCserve Backup r12.0 Windows:
Apply Service Pack 1 (RO01340)

CA ARCserve Backup r11.5 Windows:
RO04383

CA ARCserve Backup r11.1 Windows:
RO04382

CA Protection Suites r2:
RO04383

How to determine if you are affected:

CA ARCserve Backup r12.0 Windows,
CA ARCserve Backup r11.5 Windows:

  1. Run the ARCserve Patch Management utility. From the Windows
    Start menu, it can be found under:
    Programs > CA > ARCserve Patch Management > Patch Status

  2. The main patch status screen will indicate if the respective
    patch in the below table is currently applied. If the patch is
    not applied, the installation is vulnerable.

Product Patch
CA ARCserve Backup r12.0 Windows RO01340
CA ARCserve Backup r11.5 Windows* RO04383

For more information on the ARCserve Patch Management utility,
read document TEC446265.

Alternatively, use the file information below to determine if the
product installation is vulnerable.

CA ARCserve Backup r11.1 Windows:

  1. Using Windows Explorer, locate the file "DBserver.dll". By
    default, the file is located in the
    "C:\Program Files\CA\BrightStor ARCserve Backup" directory.

  2. Right click on the file and select Properties.

  3. Select the General tab.

  4. If the file timestamp is earlier than indicated in the table
    below, the installation is vulnerable.

Product version: CA ARCserve Backup r11.1 Windows
File Name: DBserver.dll
File Size: 675840 bytes
Timestamp: 11/25/2008 09:32:21

*CA Protection Suites r2 includes CA ARCserve Backup 11.5

Workaround: None

References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA ARCserve Backup LDBserver
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1942
93
Solution Document Reference APARs:
RO01340, RO04383, RO04382
CA Security Response Blog posting:
CA ARCserve Backup LDBserver Vulnerability
community.ca.com/blogs/casecurityresponseblog/archive/2008/12/10.aspx
Reported By:
Dyon Balding of Secunia Research
CVE References:
CVE-2008-5415 - LDBserver code execution
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5415
OSVDB References: Pending
http://osvdb.org/

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA
Technical Support at http://support.ca.com.

For technical questions or comments related to this advisory,
please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your
findings to the CA Product Vulnerability Response Team.
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777
82

Regards,
Ken Williams, Director ; 0xE2941985
CA Product Vulnerability Response Team

CA, 1 CA Plaza, Islandia, NY 11749

Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2008 CA. All rights reserved.

Related

nessus 1
securityvulns 2
prion 1
cve 1
nessus
nessus
Computer Associates ARCserve Backup LDBserver Remote Code Execution Vulnerability
2013-08-26 00:00:00
securityvulns
securityvulns
CA ARCserve Backup code execution
2008-12-14 00:00:00
Secunia Research: CA ARCserve Backup RPC "handle_t" Argument Vulnerability
2008-12-14 00:00:00
prion
prion
Code injection
2008-12-11 15:30:00
cve
cve
CVE-2008-5415
2008-12-11 15:30:00
JSON
Related for SECURITYVULNS:DOC:21017
nessus1securityvulns2prion1cve1