Title: CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Vulnerabilities

CA Advisory Date: 2008-04-03

Reported By: Dyon Balding of Secunia Research

Impact: A remote attacker can execute arbitrary code or cause a denial of service condition.

Summary: CA ARCserve Backup for Laptops and Desktops Server contains multiple vulnerabilities that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities. The first issue, CVE-2008-1328, occurs due to insufficient bounds checking on command arguments by the LGServer service. The second issue, CVE-2008-1329, occurs due to insufficient verification of file uploads by the NetBackup service. In most cases, an attacker can potentially gain complete control of an affected installation. Additionally, only a server installation of BrightStor ARCserve Backup for Laptops and Desktops is affected. The client installation is not affected.

Note: the previously published patches for CVE-2007-3216 and CVE-2007-5005 did not fully address some issues.

Mitigating Factors: Client installations are not affected.

Severity: CA has given these vulnerabilities a maximum risk rating of High.

Affected Products:
CA ARCserve Backup for Laptops and Desktops r11.5
CA ARCserve Backup for Laptops and Desktops r11.1 SP2
CA ARCserve Backup for Laptops and Desktops r11.1 SP1
CA ARCserve Backup for Laptops and Desktops r11.1
CA ARCserve Backup for Laptops and Desktops r11.0
CA Desktop Management Suite 11.2 English
CA Desktop Management Suite 11.2 localized
CA Desktop Management Suite 11.1

Affected Platforms:
Windows

Status and Recommendation:
CA has provided updates to address the vulnerabilities.

CA ARCserve Backup for Laptops and Desktops 11.1, 11.1 SP1, 11.2 SP2:  QO95512
CA ARCserve Backup for Laptops and Desktops 11.5:  QO95513
CA Desktop Management Suite 11.2 English:  QO95513
CA Desktop Management Suite 11.2 localized:  QO95513
CA Desktop Management Suite 11.1:  Upgrade to 11.1 C1.
CA ARCserve Backup for Laptops and Desktops 11.0:  Upgrade to ARCserve Backup for Laptops and Desktops version 11.1 and apply the latest patches.  QI85497

How to determine if you are affected:

For Windows:

1. Using Windows Explorer, locate the file "rxRPC.dll". The file can be found in the following default locations:

   Product:  CA ARCserve Backup for Laptops and Desktops 11.5
   Directory Path:  C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\Explorer

   Product:  CA ARCserve Backup for Laptops and Desktops 11.1
   Directory Path:  C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\server

   Product:  CA Desktop Management Suite 11.2 English
   Directory Path:  C:\Program Files\CA\DSM\BABLD\MGUI

   Product:  CA Desktop Management Suite 11.2 localized
   Directory Path:  C:\Program Files\CA\DSM\BABLD\MGUI

2. Right-click the file and select Properties.

3. Select the General tab.

4. If the file date is earlier than indicated in the table below, the installation is vulnerable.

Product                                             File Name    File Date / Size
CA ARCserve Backup for Laptops and Desktops 11.5    rxRPC.dll    February 18 2008 / 126976
CA ARCserve Backup for Laptops and Desktops 11.1    rxRPC.dll    February 18 2008 / 114688
CA Desktop Management Suite 11.2 English            rxRPC.dll    February 18 2008 / 126976
CA Desktop Management Suite 11.2 localized          rxRPC.dll    February 18 2008 / 126976
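The following PowerShell script automates steps 1 through 4 on a single Windows host so the check can be run on many servers. It is an added example, not part of CA's advisory: it assumes the products sit in the default directories listed above and that the "file date" shown on the General tab is the Modified timestamp (LastWriteTime).

```powershell
# Added example (not CA's own tooling). Reference paths, date and sizes are
# taken from the advisory's "How to determine if you are affected" table.
$Reference = @(
    @{ Product = 'CA ARCserve Backup for Laptops and Desktops 11.5'
       Path    = 'C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\Explorer\rxRPC.dll'
       Size    = 126976 },
    @{ Product = 'CA ARCserve Backup for Laptops and Desktops 11.1'
       Path    = 'C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\server\rxRPC.dll'
       Size    = 114688 },
    @{ Product = 'CA Desktop Management Suite 11.2 (English or localized)'
       Path    = 'C:\Program Files\CA\DSM\BABLD\MGUI\rxRPC.dll'
       Size    = 126976 }
)
# Patched rxRPC.dll carries the date February 18 2008 in the advisory table.
$PatchedDate = [datetime]'2008-02-18'

function Test-RxRpcPatched {
    param([string]$Product, [string]$Path, [long]$ExpectedSize, [datetime]$MinimumDate)

    if (-not (Test-Path -LiteralPath $Path)) {
        # Default path absent: product not installed here (or a non-default install).
        return [pscustomobject]@{ Product = $Product; Path = $Path; Status = 'NotFound' }
    }
    $file = Get-Item -LiteralPath $Path
    # Assumption: LastWriteTime is the date the General tab displays. Per the
    # advisory, a file dated earlier than the table date means still vulnerable.
    $vulnerable = $file.LastWriteTime.Date -lt $MinimumDate.Date
    [pscustomobject]@{
        Product     = $Product
        Path        = $Path
        FileDate    = $file.LastWriteTime
        FileSize    = $file.Length
        SizeMatches = ($file.Length -eq $ExpectedSize)   # secondary sanity check
        Status      = if ($vulnerable) { 'VULNERABLE - apply the listed APAR' } else { 'Patched' }
    }
}

foreach ($entry in $Reference) {
    Test-RxRpcPatched -Product $entry.Product -Path $entry.Path `
                      -ExpectedSize $entry.Size -MinimumDate $PatchedDate | Format-List
}
```

A SizeMatches value of False with a Status of Patched is worth a second look, since the size column is the advisory's only other fingerprint for the updated file.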

Workaround: None

References (URLs may wrap):

CA Support:
http://support.ca.com/

Security Notice for CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105

Solution Document Reference APARs:
QO95512, QO95513, QI85497

CA Security Response Blog posting:
CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Vulnerabilities
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-arcserve-backup-for-laptops-and-desktops-server-and-ca-desktop-management-suite-multiple-vulnerabilities.aspx

Reported By:
Dyon Balding of Secunia Research

CVE References:
CVE-2008-1328 and CVE-2008-1329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1329

OSVDB References: Pending
http://osvdb.org/

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at http://support.ca.com.

For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form.
URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx

Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749

Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2008 CA. All rights reserved.