<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 9pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class='hmmessage'>
It is so amazing that the vendor's advisory was released more than one month ago (see my advisory of a similar vul at <A href="http://ruder.cdut.net/blogview.asp?logID=221">http://ruder.cdut.net/blogview.asp?logID=221</A>), and another thing is that I tested my reported vul again after CA's patch was released one month ago, but in fact they have not fixed it!! I reported it again to CA but there has been no response. I guess CA is making an international joke with us :), or is it because this product is sooooooooo bad that they will not support it any more?<BR>
<BR>
<BR><BR>Welcome to my blog:<BR><A href="http://ruder.cdut.net">http://ruder.cdut.net</A><BR>
<BR>
<BR><BR>> From: zdi-disclosures@3com.com<BR>> To: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com<BR>> Date: Mon, 26 Nov 2007 16:10:30 -0600<BR>> Subject: [Full-disclosure] ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability<BR>> <BR>> ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method <BR>> Exposure Vulnerability<BR>> http://www.zerodayinitiative.com/advisories/ZDI-07-069.html<BR>> November 26, 2007<BR>> <BR>> -- CVE ID:<BR>> CVE-2007-5328<BR>> <BR>> -- Affected Vendor:<BR>> Computer Associates<BR>> <BR>> -- Affected Products:<BR>> BrightStor ARCserve Backup r11.5<BR>> BrightStor ARCserve Backup r11.1<BR>> BrightStor ARCserve Backup r11.0<BR>> BrightStor Enterprise Backup r10.5<BR>> BrightStor ARCserve Backup v9.01<BR>> <BR>> -- TippingPoint(TM) IPS Customer Protection:<BR>> TippingPoint IPS customers have been protected against this<BR>> vulnerability by Digital Vaccine protection filter ID 5144. <BR>> For further product information on the TippingPoint IPS:<BR>> <BR>> http://www.tippingpoint.com <BR>> <BR>> -- Vulnerability Details:<BR>> This vulnerability allows attackers to arbitrarily access and modify the<BR>> file system and registry of vulnerable installations of Computer<BR>> Associates BrightStor ARCserve Backup. Authentication is not required<BR>> to exploit this vulnerability.<BR>> <BR>> The specific flaw exists in the Message Engine RPC service which<BR>> listens by default on TCP port 6504 with the following UUID:<BR>> <BR>> 506b1890-14c8-11d1-bbc3-00805fa6962e<BR>> <BR>> The service exposes a number of insecure method calls including: 0x17F,<BR>> 0x180, 0x181, 0x182, 0x183, 0x184, 0x185, 0x186, 0x187, 0x188, 0x189,<BR>> 0x18A, 0x18B, and 0x18C. 
Attackers can leverage these methods to<BR>> manipulate both the file system and registry which can result in a<BR>> complete system compromise.<BR>> <BR>> -- Vendor Response:<BR>> Computer Associates has issued an update to correct this vulnerability.<BR>> More details can be found at:<BR>> <BR>> http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp<BR>> <BR>> -- Disclosure Timeline:<BR>> 2007.01.12 - Vulnerability reported to vendor<BR>> 2007.11.26 - Coordinated public release of advisory<BR>> <BR>> -- Credit:<BR>> This vulnerability was discovered by Tenable Network Security.<BR>> <BR>> -- About the Zero Day Initiative (ZDI):<BR>> Established by TippingPoint, The Zero Day Initiative (ZDI) represents <BR>> a best-of-breed model for rewarding security researchers for responsibly<BR>> disclosing discovered vulnerabilities.<BR>> <BR>> Researchers interested in getting paid for their security research<BR>> through the ZDI can find more information and sign-up at:<BR>> <BR>> http://www.zerodayinitiative.com<BR>> <BR>> The ZDI is unique in how the acquired vulnerability information is used.<BR>> 3Com does not re-sell the vulnerability details or any exploit code.<BR>> Instead, upon notifying the affected product vendor, 3Com provides its<BR>> customers with zero day protection through its intrusion prevention<BR>> technology. Explicit details regarding the specifics of the<BR>> vulnerability are not exposed to any parties until an official vendor<BR>> patch is publicly available. 
Furthermore, with the altruistic aim of<BR>> helping to secure a broader user base, 3Com provides this vulnerability<BR>> information confidentially to security vendors (including competitors)<BR>> who have a vulnerability protection or mitigation product.<BR></body>
</html>
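An added example, not part of the original post or the quoted ZDI advisory: a passive check over reassembled client-to-server DCE/RPC bytes captured on TCP port 6504 that reports requests to the opnums the advisory lists, but only on presentation contexts bound to the Message Engine interface UUID. The sample PDUs, the interface version in them, and the function names are constructed for illustration.

```python
import struct
import uuid

# Interface UUID and opnum range as stated in the advisory text (ZDI-07-069).
MSG_ENGINE_IF = uuid.UUID("506b1890-14c8-11d1-bbc3-00805fa6962e")
FLAGGED_OPNUMS = range(0x17F, 0x18C + 1)
PT_REQUEST, PT_BIND, PT_ALTER_CONTEXT = 0, 11, 14

def scan_stream(data):
    """Walk reassembled client->server DCE/RPC bytes; return flagged opnums."""
    bound, hits, off = set(), [], 0
    while off + 16 <= len(data):
        if data[off] != 5:                      # rpc_vers must be 5
            break
        le = bool(data[off + 4] & 0x10)         # packed_drep: little-endian ints
        e = "<" if le else ">"
        (frag_len,) = struct.unpack_from(e + "H", data, off + 8)
        if frag_len < 16 or off + frag_len > len(data):
            break                               # truncated or malformed fragment
        pdu = data[off:off + frag_len]
        if pdu[2] in (PT_BIND, PT_ALTER_CONTEXT) and frag_len >= 28:
            pos = 28                            # 16 header + 8 frag/assoc + 4 list hdr
            for _ in range(pdu[24]):            # n_context_elem
                if pos + 24 > frag_len:
                    break
                ctx_id, n_syn = struct.unpack_from(e + "HB", pdu, pos)
                raw = pdu[pos + 4:pos + 20]     # abstract syntax (interface) UUID
                iface = uuid.UUID(bytes_le=raw) if le else uuid.UUID(bytes=raw)
                if iface == MSG_ENGINE_IF:
                    bound.add(ctx_id)
                pos += 24 + 20 * n_syn          # skip abstract + transfer syntaxes
        elif pdu[2] == PT_REQUEST and pdu[3] & 0x01 and frag_len >= 24:
            ctx_id, opnum = struct.unpack_from(e + "HH", pdu, 20)
            if ctx_id in bound and opnum in FLAGGED_OPNUMS:
                hits.append(opnum)              # first fragment of a flagged call
        off += frag_len
    return hits

def build_pdu(ptype, body, call_id=1):
    """Constructed sample helper: little-endian header, first+last fragment."""
    hdr = struct.pack("<BBBB4sHHI", 5, 0, ptype, 0x03, b"\x10\0\0\0",
                      16 + len(body), 0, call_id)
    return hdr + body

def sample_stream():
    """Constructed traffic: one bind to the interface, then two requests."""
    ndr = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")  # NDR transfer syntax
    bind = struct.pack("<HHIBBHHBB", 4280, 4280, 0, 1, 0, 0, 0, 1, 0)
    bind += MSG_ENGINE_IF.bytes_le + struct.pack("<I", 1) + ndr.bytes_le + struct.pack("<I", 2)
    reqs = [build_pdu(PT_REQUEST, struct.pack("<IHH", 0, 0, op)) for op in (0x10, 0x17F)]
    return build_pdu(PT_BIND, bind) + b"".join(reqs)
```

Feed `scan_stream` one TCP connection's client-side payload at a time; it does not reassemble segments or handle authentication trailers.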