Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 APP:CA:ARCSRV:METHOD-EXPOSURE

Severity

 Critical

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure

Release Date

 2010/10/18

Update Number

 1794

Supported Platforms

 idp-4.1.110110609+, isg-3.5.141421+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure


There exist unsecured Remote Procedure Call (RPC) methods in the Message Engine service of CA BrightStor Backup product. An unauthenticated remote attacker can send malicious requests to the affected interface to exploit this vulnerability. Successful attack could allow for file system and registry manipulation that leads to complete compromise of the target system. In a successful attack case, the unauthorized attacker can execute System-privileged commands on the target host. These commands are related to file system and registry access and modification, for example, deleting a file from the file system.

Extended Description

Computer Associates BrightStor ARCserve is prone to multiple remote vulnerabilities, including buffer-overflow issues, memory-corruption issues, and privilege-escalation issues. Successful exploits allow remote attackers to cause denial-of-service conditions, execute arbitrary machine code in the context of the affected application, or perform actions with elevated privileges. This may result in a complete compromise of affected computers. The following applications are affected: BrightStor ARCserve Backup v9.01, r11.1, r11.5, r11 for Windows BrightStor Enterprise Backup r10.5 CA Server Protection Suite r2, CA Business Protection Suite r2 CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

Affected Products

  • Computer Associates BrightStor ARCServe Backup 11.1.0
  • Computer Associates BrightStor ARCServe Backup 11.5
  • Computer Associates BrightStor ARCServe Backup 9.01
  • Computer Associates BrightStor ARCServe Backup for Windows 11.0.0
  • Computer Associates BrightStor Enterprise Backup 10.5.0
  • Computer Associates Business Protection Suite r2
  • Computer Associates Business Protection Suite for Microsoft SBS Pre ed r2
  • Computer Associates Business Protection Suite for Microsoft SBS Std Ed r2
  • Computer Associates Server Protection Suite r2

References

  • BugTraq: 26015
  • CVE: CVE-2007-5328

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out