Change Download Preference


{{errorInSavingPref}}
Current Preference
{{dwnldPreference}}
Change Preference to:

Security Notice for CA products running the Alert service

Issued: July 17th, 2007
Updated: April 10th, 2009

CA's customer support is alerting customers to security risks in CA products that implement the Alert service. Multiple vulnerabilities exist that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued an update to address the vulnerabilities.

The vulnerabilities, CVE-2007-3825, are due to insufficient bounds checking on received data by certain RPC procedures. An attacker can cause a buffer overflow, which can lead to arbitrary code execution or service failure.

Risk Rating

High

Affected Products

CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8
CA Protection Suites r3
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows
BrightStor Enterprise Backup r10.5
BrightStor ARCserve Backup v9.01

How to determine if the installation is affected

For products on Windows:

  1. Using Windows Explorer, locate the file "alert.exe". By default, the file is located in the "C:Program FilesCASharedComponentsAlert" directory.

  2. Right click on the file and select Properties.

  3. Select the Version tab.

  4. If the file version is earlier than indicated in the below table, the installation is vulnerable.

    ProductFile NameFile Version
    CA Threat Manager for the Enterprise, CA Anti-Virus for the Enterprisealert.exe8.0.255.0
    BrightStor ARCserve Backup r11.5, BrightStor ARCserve Backup r11.1alert.exe7.1.758.0

Solution

This security notice has been superseded by the following notice:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103

CA has provided an update to address the vulnerabilities. The updated Alert service must be manually installed.

For CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8, CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8, CA Protection Suites r3: apply QO89817.

For ARCserve Backup and Enterprise Backup, apply Q096079.

Workaround

As a temporary workaround, disable the Alert Notification Server service. Please note that the following alert functionality will be disabled:

  • Email, Printer, SNMP, SMTP, and broadcast alerts

  • Any configured alerts

  • Alerts configured for reports and Server Admin

References

CVE-2007-3825 Multiple Alert buffer overflows

Acknowledgement

CVE-2007-3825 - An anonymous researcher working with the iDefense VCP.

Change History

Version 1.0: Initial Release
Version 1.1: Added CA Anti-Virus for the Enterprise to Affected Products
Version 1.2: Removed BrightStor ARCserve Client agent for Windows from Affected Products
Version 1.3: Changed solution information for BrightStor ARCserve Backup
Version 1.4: Updated ARCserve Backup and Enterprise Backup solution information
Version 1.5: Added ARCserve Backup file version and supersedes information

If additional information is required, please contact CA Technical Support at http://support.ca.com.

If you discover a vulnerability in CA products, please report your findings to our product security response team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782