Security vulnerabilities fixed in multiple CA products
IT management software specialist Computer Associates (CA) has fixed two critical vulnerabilities in 13 of its products. The bugs were discovered by security expert Thierry Zoller. They are triggered when unpacking RAR files, allowing attackers to use crafted archives to execute arbitrary malicious code on systems running vulnerable versions of the CA software. Products which contain the arclib component of the virus scanning engine are affected. According to CA, in addition to the anti-virus solution and Internet Security Suite, this includes ARCserve Backup, Common Services (CCS), eTrust Intrusion Detection, Gateway Security, Network and Systems Management (NSM), Protection Suites, Secure Content Manager and Threat Manager for the Enterprise.
The security problem is not limited to Windows, but occurs under all supported operating systems. In Windows, the version number of the affected library can be checked by viewing the file properties for the file C:\Programme\CA\SharedComponents\ScanEngine\arclib.dll. The bug is fixed in version 220.127.116.11 or later. In the company's eTrust products, the file can be found in either CA\Intrusion Detection\Common or eTrust\Intrusion Detection\Common. Details of which product versions contain the bad library and of available patches can be found in CA's security advisory.
- CA20091008-01: Security Notice for CA Anti-Virus Engine, security advisory from CA.