In association with heise online

18 July 2007, 09:59

Buffer overflow in CA's alert service

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The alert.exe Alert Notification Server, a component of a number of CA products, contains security vulnerabilities, through which an attacker can inject and execute external code with SYSTEM privileges. According to a security advisory from iDefense, the server registers an RPC interface and is therefore accessible in the local network.

Stack based buffer overflows can occur in a number of the server's RPC functions. The service can, for example, be reached using the SMB protocol. An attacker does not therefore require valid login details if the server is running under Windows 2000. According to a security notice from CA, the bugs are due to insufficient bounds checking.

CA has released a software update which fixes the vulnerability. The vulnerable software is included with Threat Manager for the Enterprise r8, Protection Suites r3, BrightStor ARCserve Backup r11 for Windows, r11.1, r11.5, BrightStor Enterprise Backup r10.5, BrightStor ARCserve Backup v9.01, BrightStor ARCserve Client Agent for Windows and eTrust Antivirus. Administrators should install the update as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit