Intrusion Prevention

CA.BrightStor.ARCserve.Backup.Tape.Engine.RPC.Memory.Corruption

Description

This indicates an attack attempt against a memory-corruption vulnerability in CA BrightStor ARCserve Backup.
The vulnerability is caused by an error in tapeeng.dll while handling some malicious stub data. By sending a specially crafted RPC request to the Tape Engine, a remote attacker may overflow a buffer and execute arbitrary code on a vulnerable system.

Affected Products

Computer Associates Server Protection Suite r2
Computer Associates Protection Suites r2 0
Computer Associates Business Protection Suite for Microsoft SBS Std Ed r2
Computer Associates Business Protection Suite for Microsoft SBS Pre ed r2
Computer Associates Business Protection Suite r2
Computer Associates BrightStor Enterprise Backup 10.5
Computer Associates BrightStor ARCserve Backup for Windows (All) 11.5
Computer Associates BrightStor ARCServe Backup 11.1
Computer Associates BrightStor ARCServe Backup 9.01
Computer Associates BrightStor ARCServe Backup 11.5

Impact

System Compromise: Remote attackers can gain control of the vulnerable system.

Recommended Actions

CA BrightStor ARCserve Backup r11.5 - Apply patch QO86255 :
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO86255
CA BrightStor ARCserve Backup r11.1 - Apply patch QO86258 :
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO86258
CA BrightStor ARCserve Backup r11.0 - Apply patch QI82917 :
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QI82917
CA BrightStor Enterprise Backup r10.5 - Apply patch QO86259 :
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO86259
CA BrightStor ARCserve Backup v9.01 - Apply patch QO86260 :
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO86260

CVE References

CVE-2007-1447