Sunday, September 30, 2007

[NEWS] Computer Associates BrightStor HSM Multiple Vulnerabilities

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

Computer Associates BrightStor HSM Multiple Vulnerabilities
------------------------------------------------------------------------


SUMMARY

Computer Associates <http://www3.ca.com/solutions/Product.aspx?ID=5586>
BrightStor Hierarchical Storage Manager (HSM) is an application used to
create a tiered storage solution for enterprises that require on demand
access to large quantities of data. The HSM caches frequently used files
on hard drives for fast access, and stores seldom used files on tape.
Access to files stored on tape is transparent to the client applications.
The CsAgent process (CsAgent.exe) is a component of the HSM suite, and
listens on TCP port 2000.

Remote exploitation of multiple buffer overflow vulnerabilities in
Computer Associates International Inc.'s (CA) BrightStor HSM allows
attackers to execute arbitrary code with SYSTEM privileges.

DETAILS

Vulnerable Systems:
* Computer Associates BrightStor HSM version r11.5.

These problems exist within various command handlers in the CsAgent
service. Eleven command handlers each contain one or more stack-based
buffer overflow vulnerabilities. All of these vulnerabilities are simple
sprintf() calls that overflow fixed-size stack buffers with
attacker-supplied data.

Additionally, five command handlers contain integer overflow
vulnerabilities, and the function responsible for reading in a request and
dispatching it to the appropriate handler contains one as well. In each
case, a 32-bit integer is taken from the packet and used in an addition or
multiplication to determine how much memory to allocate. When the
calculation wraps, a heap buffer of insufficient size is allocated, and a
heap overflow occurs later when the buffer is filled.
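
The two bug classes described above, shown next to their defensive fixes. This is an added example, not code from the advisory or from CA; the header size, record size, allocation cap and function names are hypothetical, since the advisory does not give the CsAgent packet layout.

```c
#include <stdint.h>
#include <stdio.h>

#define HDR_SIZE  16u          /* hypothetical fixed header size */
#define REC_SIZE  64u          /* hypothetical per-record size */
#define MAX_ALLOC (1u << 20)   /* assumed policy cap per request: 1 MiB */

/* The flawed pattern: 32-bit arithmetic on a wire-supplied count wraps
 * silently, so the allocation is far smaller than the data that follows. */
uint32_t unchecked_size(uint32_t count) {
    return count * REC_SIZE + HDR_SIZE;
}

/* Hardened: validate the count against the cap before any arithmetic.
 * Returns 0 and stores the size on success, -1 if the request is rejected. */
int checked_size(uint32_t count, uint32_t *out) {
    if (count > (MAX_ALLOC - HDR_SIZE) / REC_SIZE)
        return -1;
    *out = count * REC_SIZE + HDR_SIZE;  /* cannot wrap after the check above */
    return 0;
}

/* Hardened replacement for sprintf() into a fixed-size stack buffer:
 * snprintf() bounds the write, and a truncated result is an error. */
int format_name(char *dst, size_t dst_len, const char *field) {
    int n = snprintf(dst, dst_len, "name=%s", field);
    if (n < 0 || (size_t)n >= dst_len)
        return -1;   /* would not fit: reject instead of overflowing */
    return n;
}

int main(void) {
    uint32_t sz = 0;
    char buf[32];
    /* Constructed input: 0x04000000 * 64 == 2^32, so the product wraps to 0. */
    printf("unchecked size: %u\n", (unsigned)unchecked_size(0x04000000u));
    printf("checked result: %d\n", checked_size(0x04000000u, &sz));
    printf("short field:    %d\n", format_name(buf, sizeof buf, "archive01"));
    printf("long field:     %d\n",
           format_name(buf, sizeof buf, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
    return 0;
}
```
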

Exploitation of these vulnerabilities results in the execution of
arbitrary code with SYSTEM privileges. Unsuccessful attempts will crash
the service, but it will be restarted by a watchdog process soon
thereafter.

In order to exploit these vulnerabilities, an attacker must be able to
establish a TCP session on port 2000 with the vulnerable host. No
authentication is required.

Vendor Status:
Computer Associates has addressed these vulnerabilities with the release
of version r11.6. For more information, consult CA's security notice at
the following URL.

<http://supportconnectw.ca.com/public/bstorhsm/infodocs/bstorhsm-secnot.asp>

CVE Information:
CVE-2007-5082 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5082>
CVE-2007-5083 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5083>

Disclosure Timeline:
* 04/13/2007 Initial vendor notification
* 04/13/2007 Initial vendor response
* 09/27/2007 Coordinated public disclosure


ADDITIONAL INFORMATION

The information has been provided by iDefense.
The original article can be found at:
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=601>

