|
On June 17th, 2008, CA published a security notice to address a vulnerability in CA ARCserve Backup.
Title: CA ARCserve Backup Discovery Service Denial of Service Vulnerability
Workaround: As a temporary workaround, stop and disable the CA ARCserve Discovery service. With the service disabled, deploying agents using Auto-discovery will not work.
References (URLs may wrap):
CA Support: http://support.ca.com/
Security Notice for CA ARCserve Discovery Service https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=178937
Solution Document Reference APARs: QO99574, QO99575, QO99129, QO99576, QO99579
CA Security Response Blog posting: CA ARCserve Backup Discovery Service Denial of Service Vulnerability http://community.ca.com/blogs/casecurityresponseblog/archive/2008/06/18.aspx
Reported By: Luigi Auriemma http://aluigi.altervista.org/adv/carcbackazz-adv.txt
CVE References: CVE-2008-1979 - casdscsvc denial of service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1979
OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release
Customers who require additional information should contact CA Technical Support at http://support.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to our product security response team. URL: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782 |
|
On June 3rd, 2008, CA published a security notice to address multiple vulnerabilities in CA Secure Content Manager. Title: CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities |
|
On May 19th, 2008 CA published a security notice to address multiple vulnerabilities in CA ARCserve Backup.
Title: CA ARCserve Backup caloggerd and xdr Functions Vulnerabilities An anonymous researcher working with the iDefense VCP
* For Protection Suites r2, use the file timestamp for CA ARCserve Backup r11.5. |
|
The Full-Disclosure mailing list is good for interesting, and often humorous, content on a daily basis. The highlight of the week last week was a link to a paper entitled "Automatic Patch-Based Exploit Generation", by David Brumley, Pongsin Poosankam, Dawn Song, and Jiang Zheng.
From the abstract ... "In this paper, we propose techniques for automatic patch-based exploit generation, and show that our techniques can automatically generate exploits for vulnerable programs based upon patches provided via Windows Update. [...] Attackers can simply wait for a patch to be released, use these techniques, and with reasonable chance, produce a working exploit within seconds. Coupled with a worm, all vulnerable hosts could be compromised before most are even aware a patch is available, let alone download it."
2008 is going to be an interesting year for security enthusiasts.
Edited to add: Halvar.Flake has a blog post with very insightful commentary on the paper.
|
|
CA is currently investigating vulnerability reports concerning CA ARCserve Backup r12 and CA Secure Content Manager r8 that were published publicly on 4/17/08 and 4/18/08 respectively. CA will issue an advisory if and when the reports have been verified. |
|
On April 15th, 2008 CA published a security notice to address a vulnerability in CA products that implement the DSM gui_cm_ctrls ActiveX control.
Title: CA DSM gui_cm_ctrls ActiveX Control Vulnerability
CA Advisory Date: 2008-04-15
Reported By: Greg Linares of eEye Digital Security
Impact: A remote attacker can execute arbitrary code or cause a denial of service condition.
Summary: CA products that implement the DSM gui_cm_ctrls ActiveX control contain a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. The vulnerability, CVE-2008-1786, is due to insufficient verification of function arguments by the gui_cm_ctrls control. An attacker can execute arbitrary code under the context of the user running the web browser.
Mitigating Factors: For BrightStor ARCserve Backup for Laptops & Desktops, only the server installation is affected. Client installations are not affected. For CA Desktop Management Suite, Unicenter Desktop Management Bundle, Unicenter Asset Management, Unicenter Software Delivery and Unicenter Remote Control, only the Managers and DSM Explorers are affected. Scalability Servers and Agents are not affected.
Severity: CA has given these vulnerabilities a maximum risk rating of High.
Affected Products:
Affected Platforms:
Status and Recommendation:
How to determine if you are affected:
Workaround: As a temporary workaround solution, disable the gui_cm_ctrls ActiveX control in the registry by setting the kill bit on CLSID {E6239EB3-E0B0-46DA-A215-CFA9B3B740C5}. Disabling the control may prevent the GUI from functioning correctly. Refer to Microsoft KB article 240797 for information on how to disable an ActiveX control.
References (URLs may wrap):
Changelog for this advisory:
Customers who require additional information should contact CA Technical Support at http://support.ca.com. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx |
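The kill-bit workaround described in this advisory, as an added PowerShell example that is not part of CA's notice: it ORs the 0x400 kill bit into the control's Compatibility Flags value in both the native and the 32-bit (Wow6432Node) registry views and reports the value before and after. The function name Set-ActiveXKillBit is hypothetical; the registry location and flag are those documented in Microsoft KB 240797, and the script assumes an elevated prompt.

```powershell
# Added example, not from the CA advisory. Sets the Internet Explorer kill bit
# (Compatibility Flags bit 0x400, Microsoft KB 240797) for one ActiveX CLSID.
# Set-ActiveXKillBit is a hypothetical helper name. Run from an elevated prompt.
function Set-ActiveXKillBit {
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')]
        [string]$Clsid
    )
    $killBit = 0x00000400
    $valueName = 'Compatibility Flags'
    # Native view, plus the 32-bit view read by 32-bit browsers on 64-bit Windows.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    foreach ($root in $roots) {
        # The Wow6432Node view does not exist on 32-bit Windows; skip it there.
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $key = "$root\$Clsid"
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        # Preserve any flags already present and add only the kill bit.
        $before = [int](Get-ItemProperty -LiteralPath $key -Name $valueName `
                        -ErrorAction SilentlyContinue).$valueName
        New-ItemProperty -LiteralPath $key -Name $valueName -PropertyType DWord `
                         -Value ($before -bor $killBit) -Force | Out-Null
        # Read the value back so the report reflects what is actually stored.
        $after = [int](Get-ItemProperty -LiteralPath $key -Name $valueName).$valueName
        [pscustomobject]@{
            Key        = $key
            Before     = '0x{0:X8}' -f $before
            After      = '0x{0:X8}' -f $after
            KillBitSet = (($after -band $killBit) -ne 0)
        }
    }
}

# CLSID of the gui_cm_ctrls control, as given in the advisory's workaround.
Set-ActiveXKillBit -Clsid '{E6239EB3-E0B0-46DA-A215-CFA9B3B740C5}'
```

To reverse the workaround after patching, clear the same bit or delete the CLSID subkey under both roots; as the advisory notes, the GUI may not function correctly while the control is disabled.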
|
On April 3rd, 2008, CA published a security notice to address multiple vulnerabilities in CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite.
Title: CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Vulnerabilities
Workaround: None
References (URLs may wrap):
CA Support: http://support.ca.com/
Security Notice for CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105
Solution Document Reference APARs: QO95512, QO95513, QI85497
CA Security Response Blog posting: CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Vulnerabilities http://community.ca.com/blogs/[...]-vulnerabilities.aspx
Reported By: Dyon Balding of Secunia Research
CVE References: CVE-2008-1328 and CVE-2008-1329 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1328 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1329
OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release
Customers who require additional information should contact CA Technical Support at http://support.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx |
|
On April 3rd, 2008 CA published a security notice to address a vulnerability in CA Alert Notification Server.
Title: CA Alert Notification Server Multiple Vulnerabilities
Workaround: None
References (URLs may wrap):
CA Support: http://support.ca.com/
Security Notice for Alert Notification Server https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103
Solution Document Reference APARs: QO96079, QO96387, QO96080, QO96079
CA Security Response Blog posting: CA Alert Notification Server Multiple Vulnerabilities http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx
Reported By: An anonymous researcher working with the iDefense VCP
CVE References: CVE-2007-4620 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4620
OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release
Customers who require additional information should contact CA Technical Support at http://support.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx |
|
On March 28th, 2008 CA published a security notice to address a vulnerability in CA products that implement the DSM ListCtrl ActiveX control.
Title: CA Multiple Products DSM ListCtrl ActiveX Control Buffer Overflow Vulnerability |
|
CA is reviewing exploit code that was posted on 2008-03-16 to the Milw0rm exploit archive web site. This exploit code is potentially associated with vulnerabilities that may exist in CA BrightStor ARCserve Backup for Laptops and Desktops and/or related products. CA will issue an advisory after we have completed our initial investigation. |
|
When I warn customers, friends, and family about the dangers of cybercrime, they usually accuse me of exaggerating the severity of internet-related criminal activity. They think I'm sensationalizing an "epidemic" that, in reality, isn't very organized or pervasive. The truth though is that cybercrime is very mature, very businesslike, and more of a threat than ever before. A perfect example of the maturity of internet crime is the Russian Business Network (RBN). The RBN is a subject that is still more or less well known only to security industry practitioners. The Shadowserver Foundation, an internet security watchdog group, published a whitepaper last week entitled "RBN 'Rizing' - Abdallah Internet Hizmetleri". This whitepaper is a follow-up to their first paper on the RBN: "RBN As a Business Network - Clarifying the guesswork of Criminal Activity".
In addition to the great research published by Shadowserver, I also recommend this blog about the RBN and of course the Wikipedia page for the Russian Business Network. |