Computer Associates BrightStor ARCserve Backup Catirpc.EXE Denial Of Service Vulnerability

Bugtraq ID:	22365
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-0816
Remote:	Yes
Local:	No
Published:	Feb 01 2007 12:00AM
Updated:	Jul 05 2007 11:27PM
Credit:	M. Shirk is credited with the discovery of this issue.
Vulnerable:	Computer Associates Server Protection Suite r2 Computer Associates Protection Suites r2 0 Computer Associates Business Protection Suite for Microsoft SBS Std Ed r2 Computer Associates Business Protection Suite for Microsoft SBS Pre ed r2 Computer Associates Business Protection Suite r2 Computer Associates BrightStor Enterprise Backup 10.5 Computer Associates BrightStor ARCserve Backup for Windows (All) 11.5 Computer Associates BrightStor ARCServe Backup 11.5 Computer Associates BrightStor ARCServe Backup 11.1 Computer Associates BrightStor ARCServe Backup 9.01 Computer Associates BrightStor ARCServe Backup 11.5.SP2 Computer Associates BrightStor ARCServe Backup 11.5.SP1 Computer Associates BrightStor ARCServe Backup 11.5 Computer Associates BrightStor ARCServe Backup 11.5 Computer Associates BrightStor ARCServe Backup 11
Not Vulnerable:

Computer Associates BrightStor ARCserve Backup Catirpc.EXE Denial Of Service Vulnerability

Computer Associates BrightStor ARCserve Backup is affected by a denial-of-service vulnerability because the application mishandles unexpected user-supplied input.

A remote attacker may exploit this issue to cause denial-of-service conditions.

Computer Associates BrightStor ARCserve Backup Catirpc.EXE Denial Of Service Vulnerability

To exploit this issue, attackers can use readily available tools for creating network packets.

The following exploit code is available:

• /data/vulnerabilities/exploits/22363.rb

Computer Associates BrightStor ARCserve Backup Catirpc.EXE Denial Of Service Vulnerability

Solution:
The vendor has released an advisory and fixes to address this issue. Please see the references for more information.

Computer Associates BrightStor ARCserve Backup Catirpc.EXE Denial Of Service Vulnerability

References:

• BrightStor ARCserve Backup Product Page (Computer Associates)
  
• CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerabilities (Computer Associates)