Signature Detail

APP: Computer Associates BrightStor ARCserve Backup caloggerd.exe Null Hostname Denial of Service

This signature detects attempts to exploit a known vulnerability in CA BrightStor ARCserve Backup caloggerd process. An attacker can send a specially crafted RPC request, to exploit a Null dereference issue and create a denial-of-service condition on the affected process.

Extended Description

Computer Associates BrightStor ARCserve Backup is prone to multiple denial-of-service vulnerabilities due to memory-corruption issues caused by errors in processing arguments passed to RPC procedures. A remote attacker may exploit these issues to crash the affected services, resulting in denial-of-service conditions. The following applications are affected: BrightStor ARCserve Backup v9.01, r11.1, r11.5, r11 for Windows BrightStor Enterprise Backup r10.5 CA Server Protection Suite r2, CA Business Protection Suite r2 CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

Affected Products

• Computer Associates BrightStor ARCServe Backup 11.1.0
• Computer Associates BrightStor ARCServe Backup 11.5
• Computer Associates BrightStor ARCServe Backup 11.5.2 SP2
• Computer Associates BrightStor ARCServe Backup 9.01
• Computer Associates BrightStor ARCServe Backup for Windows 11.0.0
• Computer Associates BrightStor Enterprise Backup 10.5.0
• Computer Associates Business Protection Suite r2
• Computer Associates Business Protection Suite for Microsoft SBS Pre ed r2
• Computer Associates Business Protection Suite for Microsoft SBS Std Ed r2
• Computer Associates Server Protection Suite r2

References

• BugTraq: 24017
• CVE: CVE-2007-2772
• URL: http://securitytracker.com/alerts/2007/May/1018076.html
• URL: http://www.milw0rm.com/exploits/3939