Sunday, September 23, 2007

[NT] CA ARCserve Backup for Laptops and Desktops Authentication Bypass Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

CA ARCserve Backup for Laptops and Desktops Authentication Bypass
Vulnerability
------------------------------------------------------------------------


SUMMARY

<http://www3.ca.com/solutions/Product.aspx?ID=263> ARCServe Backup for
Laptops and Desktops is "a version of ARCServe Backup targeted at small to
medium sized businesses, with many mobile/remote users. It provides client
agents that detect network connectivity and commit backup data when it is
found". Remote exploitation of an authentication bypass vulnerability in
Computer Associates Inc.'s ARCServe Backup for Laptops and Desktops allows
attackers to execute arbitrary code with SYSTEM privileges.

DETAILS

Vulnerable Systems:
* ARCServe Backup for Laptops and Desktops version R11.1 Build 900

The vulnerability exists because the command handlers that service network
requests do not check whether the peer is authenticated.

Analysis:
Exploitation of this vulnerability allows an attacker to execute all
commands granted to the server administrator. An attacker can add and
delete users and entire organizations, and initiate restore operations for
clients that connect to the server.

Using this vulnerability, an attacker is able to upload arbitrary files
to the server. This results in the execution of arbitrary code with SYSTEM
privileges.
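
The missing check described under DETAILS, sketched as an added example in C (not code from the advisory or from the product). The command names, roles and credential are hypothetical; the first dispatcher has the flawed shape, the second enforces authentication in one place before any handler runs.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical commands and session model, constructed for this example. */
enum role { ROLE_NONE, ROLE_CLIENT, ROLE_ADMIN };
enum result { RES_OK, RES_DENIED, RES_UNKNOWN };
struct session { int authenticated; enum role role; };
typedef enum result (*handler_fn)(struct session *, const char *);

static enum result h_login(struct session *s, const char *arg) {
    /* Constructed credential; a real server verifies against its user store. */
    if (arg == NULL || strcmp(arg, "admin:example-secret") != 0) return RES_DENIED;
    s->authenticated = 1; s->role = ROLE_ADMIN;
    return RES_OK;
}
/* Stand-ins for privileged operations; they do no checking of their own. */
static enum result h_add_user(struct session *s, const char *a) { (void)s; (void)a; return RES_OK; }
static enum result h_upload(struct session *s, const char *a) { (void)s; (void)a; return RES_OK; }
/* Every command declares the minimum role it requires. */
static const struct { const char *name; enum role min_role; handler_fn fn; } table[] = {
    { "LOGIN",    ROLE_NONE,  h_login },
    { "ADD_USER", ROLE_ADMIN, h_add_user },
    { "UPLOAD",   ROLE_ADMIN, h_upload },
};
#define NCMDS (sizeof table / sizeof table[0])

/* Flawed shape: the handler runs without anyone looking at the session. */
enum result dispatch_unchecked(struct session *s, const char *cmd, const char *arg) {
    for (size_t i = 0; i < NCMDS; i++)
        if (strcmp(cmd, table[i].name) == 0) return table[i].fn(s, arg);
    return RES_UNKNOWN;
}

/* Hardened shape: one gate checks authentication and role before any handler. */
enum result dispatch_checked(struct session *s, const char *cmd, const char *arg) {
    for (size_t i = 0; i < NCMDS; i++) {
        if (strcmp(cmd, table[i].name) != 0) continue;
        if (table[i].min_role != ROLE_NONE &&
            (!s->authenticated || s->role < table[i].min_role)) return RES_DENIED;
        return table[i].fn(s, arg);
    }
    return RES_UNKNOWN;
}

int main(void) {
    struct session s = {0, ROLE_NONE};
    int before = (int)dispatch_unchecked(&s, "ADD_USER", "x");
    int after = (int)dispatch_checked(&s, "ADD_USER", "x");
    printf("unchecked=%d checked=%d\n", before, after);
    return 0;
}
```

Keeping the required role in the dispatch table means a newly added command is denied to unauthenticated peers unless someone explicitly marks it otherwise.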

Vendor response:
Computer Associates has addressed this vulnerability with an update. For
more information, consult CA's security notice at the following URL:
<http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp>

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5006>
CVE-2007-5006

Disclosure Timeline:
03/06/2007 - Initial vendor notification
03/06/2007 - Initial vendor response
09/20/2007 - Coordinated public disclosure


ADDITIONAL INFORMATION

The information has been provided by
<mailto:idlabs-advisories@idefense.com> iDefense Labs Security Advisories.
The original article can be found at:
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=598>

