| Check Point Reference: |
CPAI-2008-211 |
| Date Published: |
3 Jun 2008 |
| Severity: |
High
|
| Last Updated: |
Tuesday 01 January, 2008 |
| Source: |
SECUNIA:29665 |
| Industry Reference: | CVE-2007-4620 |
| Protection Provided by: |
|
| Who is Vulnerable? | CA Anti-Virus for the Enterprise 7.1
CA Anti-Virus for the Enterprise 8.0
CA Anti-Virus for the Enterprise 8.1
CA BrightStor ARCserve Backup 11.0
CA BrightStor ARCserve Backup 11.1
CA BrightStor ARCserve Backup 11.5
CA Threat Manager for the Enterprise 8.0
CA Threat Manager for the Enterprise 8.1 |
| Vulnerability Description |
Several buffer overflow vulnerabilities have been identified in CA Product Alert Notification Service (Alert.exe) that could allow a remote attacker to execute arbitrary code or cause a Denial of Service in several versions of CA Anti-Virus for Enterprise, CA Threat Manager for Enterprise and CA BrightStor ARCserve Backup. |
| Update/Patch Avaliable | The vendor has provided patches for the following affected products:
CA Anti-virus 7.1 and 8.0 users should apply Fix QO96079
CA Anti-virus 8.1 and Threat Manger 8.1 users should apply Fix QO96080
CA Threat Manager 8.0 users should apply Fix QO96387
CA BrightStor ARCserve Backup 11.1 and 11.5 should apply Fix QO96079
BrightStor ARCserve Backup 11.0 users should upgrade to version 11.1 and apply the most recent fixes. |
| Vulnerability Details | Mutiple stack-based buffer overflow vulnerabilities in CA Product Alert Notification Server could allow an authenticated remote attacker to cause a Denial of Service or execute arbitrarary code on a vulnerable system by sending sending a specially-crafted RPC requestst. |
Feedback