Numerous holes in CA's ARCserve Backup for Laptops and Desktops
Computer Associates (CA) reports numerous vulnerabilities in ARCserve Backup for Laptops and Desktops, its backup product for workstation endpoints. Attackers can exploit the holes to take remote control of a management PC or to crash it. According to the vendor, client installations are not affected. An update that fixes the flaws is now available for download.
Whilst CA's own advisory speaks of only five vulnerabilities, iDefense counts around 60 stack and heap overflows in the handling of certain arguments and commands by the LGserver service on port 1900 alone. Most of them reportedly allow injected code to be executed with system privileges, and similar flaws exist in the authentication functions. Worse still, attackers can bypass authentication altogether, and the NetBackup service does not verify the origin of uploaded files, so files from arbitrary sources can be placed on the server.
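The bug class iDefense describes, an unbounded copy of a network-supplied command argument into a fixed-size buffer, shown next to the length check that prevents it. This is an added illustration in C, not code from CA ARCserve, iDefense or eEye; the "COMMAND argument" message format, the 32-byte argument buffer and the sample messages are assumptions made for the example.

```c
/* Hypothetical illustration of the reported bug class: a fixed-size buffer
 * receiving an attacker-controlled command argument without a length check,
 * beside a hardened handler. Added example; not CA ARCserve or iDefense code. */
#include <stdio.h>
#include <string.h>

#define ARG_MAX 32   /* assumed size of the per-argument buffer */

/* Locate the argument in a message of the assumed form "COMMAND argument".
 * Returns NULL when no argument follows the command word. */
static const char *argument_of(const char *msg) {
    const char *sp = strchr(msg, ' ');
    return (sp && sp[1] != '\0') ? sp + 1 : NULL;
}

/* Vulnerable pattern: the length of the attacker-controlled argument is never
 * compared with the destination size, so strcpy() writes past 'buf'.
 * Shown for contrast only; main() below deliberately never calls it. */
void handle_command_unsafe(const char *msg) {
    char buf[ARG_MAX];
    const char *arg = argument_of(msg);
    if (arg) {
        strcpy(buf, arg);   /* stack overflow once strlen(arg) >= ARG_MAX */
        printf("processing %s\n", buf);
    }
}

/* Returns 1 if handle_command_unsafe() would write past its buffer for 'msg'. */
int unsafe_would_overflow(const char *msg) {
    const char *arg = argument_of(msg);
    return arg != NULL && strlen(arg) >= ARG_MAX;
}

/* Hardened handler: reject any argument that does not fit together with its
 * terminating NUL. Returns 0 on success, -1 for a malformed or oversized message. */
int handle_command_safe(const char *msg, char *dst, size_t dstlen) {
    const char *arg = argument_of(msg);
    if (!arg) return -1;
    size_t n = strlen(arg);
    if (n >= dstlen) return -1;     /* no room for the terminator: refuse */
    memcpy(dst, arg, n + 1);
    return 0;
}

/* Convenience wrapper: 1 if the hardened handler accepts 'msg'. */
int safe_accepts(const char *msg) {
    char buf[ARG_MAX];
    return handle_command_safe(msg, buf, sizeof buf) == 0;
}

int main(void) {
    char dst[ARG_MAX];
    /* Constructed sample messages: one well-formed, one with an oversized argument. */
    const char *ok = "BACKUP laptop-42";
    char bad[256];
    memset(bad, 'A', sizeof bad - 1);
    bad[sizeof bad - 1] = '\0';
    memcpy(bad, "BACKUP ", 7);

    printf("unsafe handler would overflow on ok:  %d\n", unsafe_would_overflow(ok));
    printf("unsafe handler would overflow on bad: %d\n", unsafe_would_overflow(bad));
    printf("safe handler on ok:  %d (%s)\n", handle_command_safe(ok, dst, sizeof dst), dst);
    printf("safe handler on bad: %d\n", handle_command_safe(bad, dst, sizeof dst));
    return 0;
}
```

The boundary is the off-by-one that such parsers typically get wrong: an argument of exactly ARG_MAX bytes leaves no room for the terminator, so the hardened handler rejects it while the unbounded copy already overflows.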
The following products for Windows are affected:
CA ARCserve Backup for Laptops and Desktops r11.5
CA ARCserve Backup for Laptops and Desktops r11.1 SP2
CA ARCserve Backup for Laptops and Desktops r11.1 SP1
CA ARCserve Backup for Laptops and Desktops r11.1
CA ARCserve Backup for Laptops and Desktops r11.0
CA ARCserve Backup for Laptops and Desktops r4.0
CA Desktop Management Suite 11.2
CA Desktop Management Suite 11.1
CA Desktop Management Suite 11.0
CA Protection Suites r2
- CA ARCserve Backup for Laptops and Desktops Server Security Notice, CA's security advisory
- CA ARCserve Backup for Laptops and Desktops Authentication Bypass Vulnerability, iDefense's security advisory
- CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities, iDefense's security advisory
- Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops, eEye's security advisory
(mba)