JVNDB-2008-001779

CA ARCserve Backup and CA ARCserve Backup Client Agent Denial of Service (DoS) Vulnerability

Overview

CA ARCserve Backup and CA ARCserve Backup Client Agent fail to properly handle packets sent to TCP port 41523 that contain a large integer value used in an increment, which leads to a denial of service (DoS).

CVSS Severity

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [NVD Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial

Affected Products

CA Technologies
  • CA ARCserve Backup r12.0 Windows
  • CA ARCserve Backup r11.1 Windows
  • CA ARCserve Backup r11.5 Windows SP3 and earlier
  • CA Business Protection Suite r2
  • CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
  • CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2
  • CA Server Protection Suite r2
Hitachi, Ltd
  • BrightStor ARCserve Backup r11.5 for Windows
  • BrightStor ARCserve Backup r11.5 for Windows Microsoft SQL Suite
  • BrightStor ARCserve Backup r11.5 for Windows Microsoft Exchange Suite
  • BrightStor ARCserve Backup r11.5 for Windows SAN Secondary Server Bundle
  • BrightStor ARCserve Backup r11.5 Universal Client Agent for Windows
  • BrightStor ARCserve Backup r11.5 Universal Client Agent for 64bit Windows
  • BrightStor ARCserve Backup r11.1 for Windows
  • BrightStor ARCserve Backup r11.1 for Windows Microsoft SQL Suite
  • BrightStor ARCserve Backup r11.1 for Windows Microsoft Exchange Suite
  • BrightStor ARCserve Backup r11.1 for Windows SAN Secondary Server Bundle
  • BrightStor ARCserve Backup r11.1 Universal Client Agent for Windows
  • BrightStor ARCserve Backup r11.1 Universal Client Agent for 64bit Windows
  • BrightStor ARCserve Backup Release 11 for Windows
  • BrightStor ARCserve Backup Release 11 for Windows Microsoft SQL Suite
  • BrightStor ARCserve Backup Release 11 for Windows Microsoft Exchange Suite
  • BrightStor ARCserve Backup Release 11 Client Agent for Windows
  • BrightStor ARCserve Backup Release 11 Client Agent for 64bit Windows Server
  • CA ARCserve Backup r12 for Windows
  • CA ARCserve Backup r12 for Windows SAN Secondary Server Bundle
  • CA ARCserve Backup r12 Client Agent for Windows
  • CA ARCserve Backup r12 Client Agent for 64bit Windows (IA64)
  • CA ARCserve Backup r12 - 5 Client Agent for Windows
  • CA ARCserve Backup r12 - 10 Client Agent for Windows

Impact

A remote attacker could cause a denial of service (DoS) condition.

Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.

Vendor Information

CA Technologies
Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS08-022

CWE

  1. Numeric Errors(CWE-189) [NVD Evaluation]

CVE

  1. CVE-2008-1979

References

  1. National Vulnerability Database (NVD) : CVE-2008-1979
  2. Secunia Advisory : SA29855
  3. SecurityFocus : 28927
  4. SecurityTracker : 1020324
  5. FrSIRT Advisories : FrSIRT/ADV-2008-1354
  6. JVN iPedia (Japanese) : JVNDB-2008-001779

Revision History

  • [2008/10/30]
      Web page published