Buffer overflow in CA's alert service
The alert.exe Alert Notification Server, a component of a number of CA products, contains security vulnerabilities that allow an attacker to inject and execute code of their own with SYSTEM privileges. According to a security advisory from iDefense, the server registers an RPC interface and is therefore accessible over the local network.
Stack-based buffer overflows can occur in a number of the server's RPC functions. The service can, for example, be reached using the SMB protocol, so an attacker does not require valid login details if the server is running under Windows 2000. According to a security notice from CA, the bugs are due to insufficient bounds checking.
CA has released a software update which fixes the vulnerability. The vulnerable software is included with Threat Manager for the Enterprise r8, Protection Suites r3, BrightStor ARCserve Backup r11 for Windows, r11.1, r11.5, BrightStor Enterprise Backup r10.5, BrightStor ARCserve Backup v9.01, BrightStor ARCserve Client Agent for Windows and eTrust Antivirus. Administrators should install the update as soon as possible.
- Computer Associates Alert Notification Server Multiple Buffer Overflow Vulnerabilities, security advisory from iDefense
- Security Notice for CA products running the Alert service, security advisory from CA
- Download the updated version of alert.exe
(mba)