SupportConnect - CA BrightStor Hierarchical Storage Manager CsAgent Security Notice
  

CA BrightStor Hierarchical Storage Manager CsAgent
Security Notice

Last Updated: September 26, 2007

CA's technical support is alerting customers to security risks in BrightStor Hierarchical Storage Manager. Multiple vulnerabilities exist in the CsAgent service that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities.

The first set of vulnerabilities, CVE-2007-5082, occurs due to insufficient bounds checking in multiple CsAgent service commands.

The second set of vulnerabilities, CVE-2007-5083, occurs due to insufficient validation of integer values in multiple CsAgent service commands, which can lead to a buffer overflow.

The third set of vulnerabilities, CVE-2007-5084, occurs due to insufficient validation of strings used in SQL statements in multiple CsAgent service commands.

An attacker can potentially execute arbitrary code and gain control of a host running Hierarchical Storage Manager.

Risk Rating

High

Affected Products

CA BrightStor Hierarchical Storage Manager r11.5

How to determine if the installation is affected

Run the BrightStor HSM Administrator GUI and open Help->About from the toolbar to view the version. If the version is less than 11.6, the installation is vulnerable.

Solution

CA has provided an update to address the vulnerabilities. Upgrade to BrightStor Hierarchical Storage Manager r11.6.

BrightStor Hierarchical Storage Manager r11.6:
http://supportconnectw.ca.com/premium/bstorhsm/downloads/BHSMr11_6.zip

Workaround

None

References

CVE-2007-5082 - Multiple buffer overflows
CVE-2007-5083 - Multiple integer overflows
CVE-2007-5084 - Multiple SQL injection issues

Acknowledgements

CVE-2007-5082 - An anonymous researcher working with the iDefense VCP, Aaron Portnoy of DV Labs (dvlabs.tippingpoint.com)
CVE-2007-5083 - Sean Larsson, iDefense Labs
CVE-2007-5084 - Aaron Portnoy of DV Labs (dvlabs.tippingpoint.com)

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technical Support at http://supportconnect.ca.com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form at https://www.ca.com/us/securityadvisor/vulninfo/submit.aspx.
