Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Assurent VR - CA ARCserve Backup for Laptops and Deskt

from [VR-Subscription-noreply] Network Security [Permanent Link]
Subject: [Full-disclosure] Assurent VR - CA ARCserve Backup for Laptops and Desktops LGServer Handshake Buffer Overflow
Date: Thu, 31 Jul 2008 12:27:36 -0400 (EDT) 
CA ARCserve Backup for Laptops and Desktops LGServer Handshake Buffer Overflow

Assurent ID: FSC20080731-12

1. Affected Software

CA ARCserve Backup for Laptops and Desktops version r11.5
CA ARCserve Backup for Laptops and Desktops version r11.1 SP2
CA ARCserve Backup for Laptops and Desktops version r11.1 SP1
CA ARCserve Backup for Laptops and Desktops version r11.1
CA ARCserve Backup for Laptops and Desktops version r11.0
CA Desktop Management Suite version 11.2
CA Desktop Management Suite version 11.1
CA Protection Suites version r2
CA Protection Suites version 3.0
CA Protection Suites version 3.1

Reference: http://ca.com/smb/product.aspx?id=5286

2. Vulnerability Summary

There exists a buffer overflow vulnerability in the way CA ARCserve Backup for 
Laptops and Desktops handles incoming messages. The vulnerability is due to an 
integer underflow in the LGServer service.

3. Vulnerability Analysis

A remote unauthenticated attacker may exploit the vulnerability by sending a 
malicious request to LGServer service on TCP port 1900. Successful exploitation 
would allow the attacker to cause a denial of service condition, potentially 
inject and execute arbitrary code with privileges of the affected service.

4. Vulnerability Detection

Assurent has confirmed the vulnerability in:

CA ARCserve Backup for Laptops and Desktops version r11.5
CA ARCserve Backup for Laptops and Desktops version r11.1 SP2
CA ARCserve Backup for Laptops and Desktops version r11.1 SP1
CA ARCserve Backup for Laptops and Desktops version r11.1
CA ARCserve Backup for Laptops and Desktops version r11.0
CA Desktop Management Suite version 11.2
CA Desktop Management Suite version 11.1
CA Protection Suites version r2
CA Protection Suites version 3.0
CA Protection Suites version 3.1

5. Workaround

Apply the vendor patch or block communication from untrusted networks to 
affected assets.

6. Vendor Response

CA has released a bulletin addressing this vulnerability. 

Reference: 
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721

7. Disclosure Timeline

  2008-05-30 Reported to vendor
  2008-05-30 Initial vendor response
  2008-07-31 Coordinated public disclosure

8. Credits

Vulnerability Research Team, Assurent Secure Technologies, a TELUS company

9. References

  CVE: CVE-2008-3175
  Vendor: 181721

10. About Assurent VRS

Assurent's Vulnerability Research Service (VRS) for security product vendors, 
and Threat Protection Programs (TPP) for MSPs and enterprise security teams, 
help to eliminate the significant costs incurred by security product vendors, 
MSPs, and enterprise security teams in responding to and managing critical new 
security vulnerabilities and other threats including worm & virus outbreaks and 
high-risk spyware. The VRS and TPP services are real-time feeds providing 
subscribers with detailed analysis of the top security vulnerabilities, focused 
on the specific needs of each group of customers. 

http://www.assurent.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Assurent VR - CA ARCserve Backup for Laptops and Desktops LGServer Handshake Buffer Overflow, VR-Subscription-noreply <=
Previous by Date:  [~] Greetz : Me93fg & Mr.SaFa7, Ghost hacker
Next by Date:  [Full-disclosure] iDefense Security Advisory 07.30.08: SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability, iDefense Labs
Previous by Thread:  [~] Greetz : Me93fg & Mr.SaFa7, Ghost hacker
Next by Thread:  [Full-disclosure] iDefense Security Advisory 07.30.08: SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability, iDefense Labs
Indexes:  [Date] [Thread] [Top] [All Lists]