With the assistance of iDEFENSE, Computer Associates has identified a buffer overflow vulnerability in the BrightStor ARCserve Backup Universal Agent Service for Windows and the BrightStor Enterprise Backup Universal Agent Service for Windows. This service is a common component of Windows-based BrightStor ARCserve Backup and BrightStor Enterprise Backup agents. A remote attacker who successfully exploited this vulnerability could potentially gain privileged access.

Computer Associates has posted patches that completely remediate this vulnerability issue on the CA SupportConnect web site (http://supportconnect.ca.com). iDEFENSE has confirmed that the patches fully remediate the reported vulnerability. Computer Associates strongly advises its customers to apply the patch immediately. See below for patch details.

Title: Computer Associates BrightStor ARCserve Backup and BrightStor Enterprise Backup UniversalAgent buffer overflow vulnerability

Date Published: Monday, April 11, 2005

CA Vulnerability ID: 32727

Impact: Remote attackers can execute arbitrary code.

Affected Technologies:
BrightStor ARCserve Backup (BAB) r11.1 Windows
BrightStor ARCserve Backup 11 for Windows
BrightStor ARCserve Backup 9.0 Windows
BrightStor ARCserve Backup r11.1 (64-bit) for Windows
BrightStor ARCserve Backup r11.1 Client Agent for Windows
BrightStor ARCserve Backup Release 11 (64-bit) for Windows
BrightStor ARCserve Backup v9.01 Client Agent for Windows
BrightStor ARCserve Backup v9.01 Client Agent for Windows Non-English
BrightStor ARCserve Backup v9.01 for Windows (64bit edition)
BrightStor ARCserve Backup v9.01 for Windows Non-English
BrightStor Enterprise Backup 10.0
BrightStor Enterprise Backup 10.5
BrightStor Enterprise Backup v10.5 for Windows (64bit edition)

Recommendations: Apply the patches.

Links to Knowledge Base Documents and Patches:
(Please note potential for line wrap)

BrightStor ARCserve Backup r11.1 for Windows (all components):
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66526&startsearch=1

BrightStor ARCserve Backup r11.1 Client Agent for Windows only:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66527&startsearch=1

BrightStor ARCserve Backup r11.1 for Windows - 64 bit edition:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66534&startsearch=1

BrightStor ARCserve Backup r11.0 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66525&startsearch=1

BrightStor ARCserve Backup r11.0 for Windows - 64 bit edition:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66535&startsearch=1

BrightStor ARCserve Backup v9.01 for Windows English (all components):
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66528&startsearch=1

BrightStor ARCserve Backup v9.01 for Windows Non-English (all components):
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66529&startsearch=1

BrightStor ARCserve Backup v9.01 for Windows - 64 bit edition:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66536&startsearch=1

BrightStor ARCserve Backup v9.01 Client Agent for Windows only (English):
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66530&startsearch=1

BrightStor ARCserve Backup v9.01 Client Agent for Windows only (Non-English):
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66531&startsearch=1

BrightStor Enterprise Backup v10.5 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66524&startsearch=1

BrightStor Enterprise Backup v10.5 for Windows - 64 bit edition:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66533&startsearch=1

BrightStor Enterprise Backup v10.0 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66523&startsearch=1

References:

CA - CAID 32727
Computer Associates BrightStor ARCserve Backup UniversalAgent buffer overflow vulnerability
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32727

Mitre CVE - CAN-2005-1018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1018

Should you require additional information, please contact CA Technical Support at http://supportconnect.ca.com.

Computer Associates International, Inc. (CA).
One Computer Associates Plaza. Islandia, NY 11749

Contact Us http://ca.com/catalk.htm
Legal Notice http://ca.com/calegal.htm
Privacy Policy http://ca.com

Copyright 2005 Computer Associates International, Inc. All rights reserved

--
Ken Williams ; Vulnerability Research
Computer Associates ; 0xE2941985
A9F9 44A6 B421 FF7D 4000 E6A9 7925 91DF E294 1985