main content
Login United States - English
CA, Transforming IT Management
Search Technical Support:
    • How to Buy
    • Insights
      • Insights by Topic
      • Blogs
      • On-Demand Webcasts
      • Podcasts
      • Success Stories
      • White Papers
      • Smart Enterprise Magazine
    • Partners
      • Channel Partners
      • Service & Consulting Partners
      • OEM Partners
      • Strategic Alliances
      • Technology Partners
      • Partner Locator
      • Partner Portal
    • Support
      • Technical Support
        • Enterprise
        • Small and Medium Business
        • Home and Home Office
      • Customer Care
      • Global Security Advisor
      • User Communities
    • Education
      • Find Education by Product Category
      • Find Courses
      • Learning Paths
      • Accreditations
      • Policies
      • Resources
      • Partners
    • Solutions
      • Enterprise IT Management
      • Capability Solutions
      • Industry Solutions
      • Mainframe
      • On-Demand Solutions
      • Services
    • Products
      • Product Categories
        • Application Development & Databases
        • Application Performance Management
        • Database Management
        • Governance
        • Infrastructure & Operations Management
        • Mainframe
        • Project, Portfolio & Financial Management
        • Security Management
        • Service Management
        • Storage and Recovery Management
      • Product List
      • Demos
      • Special Offers
      • Trials
SupportConnect - Security Notice for CA products running the Alert service
  

Security Notice for CA products running the Alert service

Issued: July 17th, 2007
Updated: March 19th, 2007

CA's customer support is alerting customers to security risks in CA products that implement the Alert service. Multiple vulnerabilities exist that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued an update to address the vulnerabilities.

The vulnerabilities, CVE-2007-3825, are due to insufficient bounds checking on received data by certain RPC procedures. An attacker can cause a buffer overflow, which can lead to arbitrary code execution or service failure.

Risk Rating

High

Affected Products

CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8
CA Protection Suites r3
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows
BrightStor Enterprise Backup r10.5
BrightStor ARCserve Backup v9.01

How to determine if the installation is affected

For products on Windows:

  1. Using Windows Explorer, locate the file "alert.exe". By default, the file is located in the "C:\Program Files\CA\SharedComponents\Alert" directory.

  2. Right click on the file and select Properties.

  3. Select the Version tab.

  4. If the file version is earlier than indicated in the below table, the installation is vulnerable.

    File Name File Version
    alert.exe 8.0.255.0

Solution

CA has provided an update to address the vulnerabilities. The updated Alert service must be manually installed.

For CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8, CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8,
CA Protection Suites r3:
apply QO89817.

A patch is currently not available for BrightStor ARCserve Backup.

Workaround

As a temporary workaround, disable the Alert Notification Server service. Please note that the following alert functionality will be disabled:

  • Email, Printer, SNMP, SMTP, and broadcast alerts

  • Any configured alerts

  • Alerts configured for reports and Server Admin

References

CVE-2007-3825 Multiple Alert buffer overflows

Acknowledgement

CVE-2007-3825 - An anonymous researcher working with the iDefense VCP.

Change History

Version 1.0: Initial Release
Version 1.1: Added CA Anti-Virus for the Enterprise to Affected Products
Version 1.2: Removed BrightStor ARCserve Client agent for Windows from Affected Products
Version 1.3: Changed solution information for BrightStor ARCserve Backup

If additional information is required, please contact CA Technical Support at http://supportconnect.ca.com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form at https://www.ca.com/us/securityadvisor/vulninfo/submit.aspx.

main content
 
 
 
Page Tools
printPrint
 
 
Sitemap  |  Privacy  |  Legal  |  Copyright © 2008 CA
About Us  |  News  |  Events  |  Contact Us  |  RSS Feeds