Description: Some vulnerabilities have been reported in various CA products, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerabilities are caused due to boundary errors in some RPC routines within the the Alert Notification Server (alert.exe). These can be exploited to cause stack-based buffer overflows by sending specially crafted RPC requests to the RPC interface with GUID 3d742890-397c-11cf-9bf1-00805f88cb72 using the SMB protocol.
Successful exploitation allows execution of arbitrary code, but requires valid user credentials on Windows XP and newer systems.
The vulnerabilities affect the following products:
* CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8
* CA Protection Suites r3
* BrightStor ARCserve Backup r11.5
* BrightStor ARCserve Backup r11.1
* BrightStor ARCserve Backup r11 for Windows
* BrightStor Enterprise Backup r10.5
* BrightStor ARCserve Backup v9.01
* BrightStor ARCserve Client agent for Windows
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
