Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Computer Associates (CA) ARCserve Backup Software for Laptops and Desktops Buffer Overflow Vulnerability

Check Point Reference: CPAI-2008-212
Date Published:
Severity:
Source: SECTRACK:1019788
SREASON:3800
Industry Reference(s): CVE-2008-1328
Protection Provided by: IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
CA BrightStor ARCserve Backup for Laptops and Desktops 11.0
CA BrightStor ARCserve Backup for Laptops and Desktops 11.1
CA BrightStor ARCserve Backup for Laptops and Desktops 11.1 SP1 and SP2
CA BrightStor ARCserve Backup Laptops Desktops 11.5
CA Desktop Management Suite 11.1
CA Desktop Management Suite 11.2 English
CA Desktop Management Suite 11.2 Localized
Vulnerability Description
A buffer overflow vulnerability has been detected in several versions of CA ARCserve Backup for Laptops and Desktops Server and CA Management Suite. This vulnerability could allow a remote attacker to cause a Denial of Service or execute arbitrary code in an uprotected system.
Update/Patch Available
CA ARCserve Backup for Laptops and Desktops 11.0 users should upgrade to version 11.1 applying patch QI85497
CA ARCserve Backup for Laptops and Desktops 11.1, 11.1 SP1 and 11.2 SP2 users should apply fix QO95512 
The vendor has provided fix QO95513 for the following products:
CA ARCserve Backup for Laptops and Desktops 11.5
CA Desktop Management Suite 11.2 English
CA Desktop Management Suite 11.2 Localized
CA Desktop Management Suite 11.1 users should upgrade to 11.1 C1
Vulnerability Details
CA ARCserve Backup for Laptops and Desktops versions 11.0 through 11.5 and CA Desktop Management Suite versions 11.1 and 11.2 are vulnerable to a stack-based buffer overflow. This vulnerability is due to improper bounds checking on command arguments by the LGServer service. By sending an unspecified command argument, a remote attacker could execute arbitrary code on the system with system privileges or cause a Denial of Service. 

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 and IPS-1 NGX R65

How Can I Protect My Network?
All IPS-1 Sensors on your network should be updated with this vulnerability protection.

How Do I Know if My Network is Under Attack?
An enterprisesoftware_cabrightstor:srv_hexdata_length_alert will be generated when a hex encoded transmission's data portion exceeds 80 bytes.