Title: CAID 33756 - DM Deployment Common Component Vulnerabilities

CA Vulnerability ID: 33756

Discovery Date: 2005-12-20

CA Advisory Date: 2006-01-17

Discovered By: Cengiz Aykanat (CA internal audit), and Karma[at]DesignFolks[dot]com[dot]au.

Impact: Remote attacker can cause a denial of service condition.

Summary: The following security vulnerability issues have been identified in the DM Primer part of the DM Deployment Common Component being distributed with some CA products:

1) A Denial of Service (DoS) vulnerability has been identified in the handling of unrecognized network messages, which may result in high CPU utilization and excessive growth of the DM Primer log file.

2) A Denial of Service (DoS) vulnerability has been identified with the way in which DM Primer handles receipt of large rogue network messages, which can result in DM Primer becoming unresponsive.

Severity: Computer Associates has given this vulnerability a Medium risk rating.

Mitigating Factors: These vulnerabilities will only be present if you have utilized the DM Deployment mechanism (bundled with the affected products) to deploy those products within your enterprise environment.

Affected Technologies: Please note that the DM Primer component is not a product, but rather a common component that is included with multiple products. Vulnerable versions of the DM Primer component are included in the CA products listed in the Affected Products section below. DM Primer component versions v1.4.154 and v1.4.155 are vulnerable to these issues. These vulnerabilities are not present in DM Primer v11.0 or later.

Affected Products:
- BrightStor Mobile Backup r4.0
- BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1
- Unicenter Remote Control 6.0, 6.0 SP1
- CA Desktop Protection Suite r2
- CA Server Protection Suite r2
- CA Business Protection Suite r2
- CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
- CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2
- CA Business Protection Suite for Midsize Business for Windows r2

Affected platforms: Windows

Platforms NOT affected: This version of DM Primer is not supported on any other platforms.

Status and Recommendation: Since this version of DM Primer is only utilized for the initial installation of the products, the above vulnerabilities can be addressed by simply removing the DM Primer Service after deployment.

To remove the DM Primer component, follow the instructions below:

    dmprimer remove -f
        will force the removal of a local DM Primer service.

    dmsweep -a1:remotecomp -dp:force
        will force the removal of the DM Primer service from a remote computer called remotecomp.

The dmsweep command will be available on the DM Deployment machine (usually the host for the product manager with which it was bundled). It can take a machine name, an IP address, or a range of IP addresses. Some examples are:

    dmsweep -a1:192.168.0.* -dp:force
        will forcibly remove DM Primer from all machines on the 192.168.0.* subnet.

    dmsweep -a1:192.168.0.1 -a2:192.168.0.100 -dp:force
        will forcibly remove DM Primer from all machines in the range 192.168.0.1-192.168.0.100.

Please refer to the FAQ for answers to commonly asked questions.
http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity-faqs.asp

References: (note that URLs may wrap)

DM Deployment Common Component Security Notice
http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity_notice.asp

Frequently Asked Questions (FAQ) related to this security update
http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity-faqs.asp

CA Security Advisor site advisory
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33756

CVE Reference: Pending
http://cve.mitre.org

OSVDB Reference: Pending
http://osvdb.org

Error Handling in DM Primer
http://www.designfolks.com.au/karma/DMPrimer/

Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please send email to vuln@xxxxxx, or contact me directly.

If you discover a vulnerability in CA products, please report your findings to vuln@xxxxxx, or utilize our "Submit a Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx

Regards,
Ken Williams ; 0xE2941985
Dir. Vuln Research

CA Vulnerability Research Team

CA, One Computer Associates Plaza. Islandia, NY 11749

Contact http://www3.ca.com/contact/
Legal Notice http://ca.com/calegal.htm
Privacy Policy http://www.ca.com/caprivacy.htm
Copyright 2006 CA. All rights reserved.
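
Added example, not part of the CA advisory or CA's tooling: a planning helper for the removal procedure under Status and Recommendation. It classifies hosts by the DM Primer versions the advisory names and merges consecutive vulnerable addresses into the dmsweep range form shown above. The inventory format, the sample data and all function names are assumptions made for illustration; only the dmsweep options that appear in the advisory are used.

```python
import ipaddress

# Versions the advisory names as vulnerable; v11.0 and later are stated as not affected.
VULNERABLE = {"1.4.154", "1.4.155"}

# Constructed sample inventory (host IP, DM Primer version); not data from the advisory.
SAMPLE_INVENTORY = [
    ("192.168.0.10", "v1.4.154"),
    ("192.168.0.11", "v1.4.155"),
    ("192.168.0.12", "v1.4.154"),
    ("192.168.0.13", "v11.0"),
    ("192.168.0.20", "v1.4.155"),
    ("192.168.0.21", "v1.3.9"),
]

def classify(version):
    """Return 'vulnerable', 'not_affected' or 'unknown' for a DM Primer version string."""
    v = version.strip().lower().lstrip("v")
    if v in VULNERABLE:
        return "vulnerable"
    try:
        major = int(v.split(".")[0])
    except ValueError:
        return "unknown"
    # The advisory only speaks to 1.4.154, 1.4.155 and 11.0+; anything else needs manual review.
    return "not_affected" if major >= 11 else "unknown"

def collapse(ips):
    """Merge consecutive IPv4 addresses into inclusive (first, last) ranges."""
    ranges = []
    for ip in sorted({ipaddress.IPv4Address(i) for i in ips}):
        if ranges and int(ip) == int(ranges[-1][1]) + 1:
            ranges[-1][1] = ip
        else:
            ranges.append([ip, ip])
    return [(str(a), str(b)) for a, b in ranges]

def removal_plan(inventory):
    """Return (dmsweep command lines, hosts needing manual review)."""
    vulnerable = [ip for ip, ver in inventory if classify(ver) == "vulnerable"]
    review = [ip for ip, ver in inventory if classify(ver) == "unknown"]
    cmds = [f"dmsweep -a1:{a} -dp:force" if a == b
            else f"dmsweep -a1:{a} -a2:{b} -dp:force"
            for a, b in collapse(vulnerable)]
    return cmds, review

if __name__ == "__main__":
    commands, manual = removal_plan(SAMPLE_INVENTORY)
    print("\n".join(commands + [f"manual review: {manual}"]))
```

Because ranges are built only from consecutive vulnerable addresses, a generated sweep never covers a host the inventory lists as v11.0 or later.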