SupportConnect - CA ARCserve Backup Media Server Security Notice

CA ARCserve Backup Media Server
Security Notice

Last Updated: April 24, 2007

CA's technical support is alerting customers to multiple security risks with CA ARCserve Backup. Multiple vulnerabilities exist with the Media Server component that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.

The first vulnerability, CVE-2007-1785, addresses an issue with the processing of an object handle.

The second vulnerability, CVE-2007-2139, is due to insufficient bounds checking.

In both cases, a remote unauthenticated attacker can execute arbitrary code with escalated privileges.

Risk Rating

High

Affected Products

CA ARCserve Backup r11.5
CA ARCserve Backup r11.1
CA ARCserve Backup r11 for Windows
BrightStor Enterprise Backup r10.5
CA ARCserve Backup v9.01
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

Affected Platforms

Windows

How to determine if the installation is affected

Using Windows Explorer, locate the file "mediasvr.exe".

  1. By default, the file is located in the "C:\Program Files\CA\CA ARCserve Backup" directory.

  2. Right click on the file and select Properties.

  3. Select the General tab.

  4. If the file timestamp is earlier than indicated in the table below, the installation is vulnerable.

Product Version   File Name      Timestamp             File Size
r11.5 SP3         mediasvr.exe   04/03/2007 10:07:58   110592
r11.5 SP2         mediasvr.exe   04/03/2007 10:00:04   106496
r11.1             mediasvr.exe   04/03/2007 09:55:18   106496
r10.5             mediasvr.exe   04/03/2007 09:46:26   106496
v9.01             mediasvr.exe   04/03/2007 09:51:42   98304
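
The check in steps 1 to 4 can be scripted for hosts where opening Explorer is impractical. The PowerShell below is an added example, not CA's code: the -ProductVersion and -InstallDir parameters are hypothetical names, the script compares the file's Modified time, and it assumes the table dates are MM/dd/yyyy in the host's local time zone.

```powershell
# Added example: compares mediasvr.exe against the advisory's timestamp table.
param(
    # Product version row from the table; supplied by the operator (assumption).
    [Parameter(Mandatory)]
    [ValidateSet('r11.5 SP3', 'r11.5 SP2', 'r11.1', 'r10.5', 'v9.01')]
    [string]$ProductVersion,
    # Default install directory named in the advisory.
    [string]$InstallDir = 'C:\Program Files\CA\CA ARCserve Backup'
)

# Patched-file timestamps and sizes, copied from the advisory table.
# Assumption: dates are MM/dd/yyyy, shown in the host's local time zone.
$Fixed = @{
    'r11.5 SP3' = @{ Stamp = '04/03/2007 10:07:58'; Size = 110592 }
    'r11.5 SP2' = @{ Stamp = '04/03/2007 10:00:04'; Size = 106496 }
    'r11.1'     = @{ Stamp = '04/03/2007 09:55:18'; Size = 106496 }
    'r10.5'     = @{ Stamp = '04/03/2007 09:46:26'; Size = 106496 }
    'v9.01'     = @{ Stamp = '04/03/2007 09:51:42'; Size = 98304 }
}

$path = Join-Path $InstallDir 'mediasvr.exe'
if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
    # Absent file: not installed here, or the rename workaround is in place.
    Write-Output "mediasvr.exe not found in $InstallDir"
    return
}

$file       = Get-Item -LiteralPath $path
$entry      = $Fixed[$ProductVersion]
$fixedStamp = [datetime]::ParseExact($entry.Stamp, 'MM/dd/yyyy HH:mm:ss',
    [cultureinfo]::InvariantCulture)

# Explorer shows whole seconds, so drop sub-second precision before comparing.
$modified = $file.LastWriteTime
$modified = $modified.AddTicks(-($modified.Ticks % [timespan]::TicksPerSecond))

[pscustomobject]@{
    Path           = $file.FullName
    ProductVersion = $ProductVersion
    Modified       = $modified
    FixedStamp     = $fixedStamp
    Size           = $file.Length
    SizeMatchesFix = ($file.Length -eq $entry.Size)
    Vulnerable     = ($modified -lt $fixedStamp)   # the advisory's criterion
}
```

The Vulnerable field applies the advisory's timestamp rule only; SizeMatchesFix is reported as a secondary cross-check against the File Size column.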

Solution

CA has issued the following patches to address the vulnerabilities.

CA ARCserve Backup r11.5 SP3 - QO87569
CA ARCserve Backup r11.5 SP2 - QO87570
CA ARCserve Backup r11.1 - QO87573
CA ARCserve Backup r11.0 - QI82917
BrightStor Enterprise Backup r10.5 - QO87575
CA ARCserve Backup v9.01 - QO87574

Workaround

CA recommends that CA ARCserve Backup users implement the following temporary workaround to mitigate the vulnerability:

  1. Rename the "mediasvr.exe" file to a non-functional file name, such as "mediasvc.exe.disable".

  2. Then restart the CA BrightStor Tape Engine service.

References

CVE-2007-1785 Media Server Object Handle
CVE-2007-2139 Media Server Buffer Overflow

Acknowledgement

CA thanks ZDI for reporting issue CVE-2007-2139.

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technical Support at http://supportconnect.ca.com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form at http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx.