Update Protection against CA BrightStor ARCserve Backup XDR Parsing Buffer Overflow Vulnerability

Check Point Reference: CPAI-2008-100
Date Published:
Severity:
Last Updated:
Source: Secunia Advisory: SA30300
Industry Reference(s): CVE-2008-2242
Protection Provided by: IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
CA ARCserve Backup r11.0
CA ARCserve Backup r11.1
CA ARCserve Backup r11.5
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
Vulnerability Description
A buffer overflow vulnerability has been discovered in CA BrightStor ARCserve Backup. Computer Associates (CA) provides a group of security and management products for enterprise as well as individual clients. CA BrightStor ARCserve Backup provides centralized control over a series of distributed operations including Backup and Restore, Data Migration, and Threat Management. A remote attacker may exploit this vulnerability to execute arbitrary code on a vulnerable system.
Update/Patch Available
Apply patches:
CA
Vulnerability Details
The vulnerability is due to boundary errors in the xdr_rwsstring library function of CA BrightStor ARCserve Backup. A remote attacker might exploit this vulnerability by sending a long parameter to a daemon that uses this function to process strings. Successful exploitation allows the attacker to execute arbitrary code on the vulnerable system.
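
The class of boundary error described above, shown from the defensive side as an added example (not code from CA or Check Point): a string decoder that validates the wire length before copying. The function name is hypothetical, and the layout assumed is the standard XDR string encoding from RFC 4506; the advisory does not publish the internals of xdr_rwsstring.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not CA's xdr_rwsstring. Decodes one XDR string
 * (RFC 4506: 4-byte big-endian length, data, zero padding to a multiple
 * of 4) from in[0..in_len) into dst (capacity dst_cap, NUL-terminated).
 * Returns the number of input bytes consumed, or -1 to reject. */
long xdr_decode_string_bounded(const uint8_t *in, size_t in_len,
                               char *dst, size_t dst_cap)
{
    if (in == NULL || dst == NULL || dst_cap == 0 || in_len < 4)
        return -1;

    /* The length prefix comes off the wire and is untrusted. */
    uint32_t n = ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
                 ((uint32_t)in[2] << 8) | (uint32_t)in[3];
    size_t avail = in_len - 4;

    if (n > dst_cap - 1)            /* would overrun the destination */
        return -1;
    if (n > avail)                  /* claims more data than was sent */
        return -1;
    size_t pad = (4u - (n & 3u)) & 3u;
    if (pad > avail - n)            /* padding missing: malformed item */
        return -1;

    memcpy(dst, in + 4, n);
    dst[n] = '\0';
    return (long)(4 + n + pad);
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    static const uint8_t ok[]   = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o', 0, 0, 0};
    static const uint8_t huge[] = {0, 0, 4, 0, 'A', 'A', 'A', 'A'};
    char name[16];

    printf("ok:   %ld\n", xdr_decode_string_bounded(ok, sizeof ok, name, sizeof name));
    printf("huge: %ld\n", xdr_decode_string_bounded(huge, sizeof huge, name, sizeof name));
    return 0;
}
```

Both checks are needed: the first bounds the copy by the destination size, the second by what the sender actually supplied.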

Protection Overview
By enabling this protection, SmartDefense will detect and block long parameters sent to the vulnerable function.

To activate the protection, update your product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, open the Protection tab, and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Application Intelligence > Various Backup Software Protocols, and select the CABrightstor ARCServe Backup - RPC protection group.
3. Click CABrightstor CALoggerd XDR Parse Alert (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entry will be logged:

Alert Name: enterprisesoftware_rpccabrightstor
Description: cabrightstor_caloggerd_xdr_parse_alert