Update Protection Against Computer Associates (CA) Product Alert Notifications Server Multiple Buffer Overflow Vulnerabilities
| Check Point Reference: | CPAI-2008-211 | |
| Date Published: | ||
| Severity: | ||
| Source: | SECUNIA:29665 | |
| Industry Reference(s): | CVE-2007-4620 | |
| Protection Provided by: |
IPS-1
|
|
| Who is Vulnerable? CA Anti-Virus for the Enterprise 7.1 CA Anti-Virus for the Enterprise 8.0 CA Anti-Virus for the Enterprise 8.1 CA BrightStor ARCserve Backup 11.0 CA BrightStor ARCserve Backup 11.1 CA BrightStor ARCserve Backup 11.5 CA Threat Manager for the Enterprise 8.0 CA Threat Manager for the Enterprise 8.1 | ||
| Vulnerability Description Several buffer overflow vulnerabilities have been identified in CA Product Alert Notification Service (Alert.exe) that could allow a remote attacker to execute arbitrary code or cause a Denial of Service in several versions of CA Anti-Virus for Enterprise, CA Threat Manager for Enterprise and CA BrightStor ARCserve Backup. |
||
|
Update/Patch Available The vendor has provided patches for the following affected products: CA Anti-virus 7.1 and 8.0 users should apply Fix QO96079 CA Anti-virus 8.1 and Threat Manger 8.1 users should apply Fix QO96080 CA Threat Manager 8.0 users should apply Fix QO96387 CA BrightStor ARCserve Backup 11.1 and 11.5 should apply Fix QO96079 BrightStor ARCserve Backup 11.0 users should upgrade to version 11.1 and apply the most recent fixes. |
|
|
Vulnerability Details Mutiple stack-based buffer overflow vulnerabilities in CA Product Alert Notification Server could allow an authenticated remote attacker to cause a Denial of Service or execute arbitrarary code on a vulnerable system by sending sending a specially-crafted RPC requestst. |
To configure the defense, select your product from the list below and follow the related protection steps.