
CA BrightStor Hierarchical Storage Manager Bugs Let Remote Users Inject SQL Comm

2007-10-12  Author: compiled by bitsCN  Source: China Network Administrators Alliance

Impact:  Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes 
Version(s): 11.5
Description:  Several vulnerabilities were reported in CA BrightStor Hierarchical Storage Manager. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.

A remote user can send specially crafted data to the CsAgent service to trigger a buffer overflow and execute arbitrary code on the target system or cause the target service to crash. The code will run with the privileges of the target service.

A remote user can also inject SQL commands.

Sean Larsson of iDefense Labs, Aaron Portnoy of TippingPoint, and an anonymous researcher reported these vulnerabilities.
Impact:  A remote user can execute arbitrary code on the target system.

A remote user can cause denial of service conditions.
Solution:  The vendor has issued a fixed version (11.6):

http://supportconnectw.ca.com/premium/bstorhsm/downloads/BHSMr11_6.zip

The CA advisory is available at:

http://supportconnectw.ca.com/public/bstorhsm/infodocs/bstorhsm-secnot.asp
Vendor URL:  supportconnectw.ca.com/public/bstorhsm/infodocs/bstorhsm-secnot.asp
Cause:  Boundary error, Input validation error
Underlying OS:  Windows (Any)
Reported By:  "Williams, James K" <James.Williams@ca.com>
Message History:   None.

 Source Message Contents
Date:  Wed, 26 Sep 2007 22:37:23 -0400
From:  "Williams, James K" <James.Williams@ca.com>
Subject:  [CAID 35690, 35691, 35692]: CA BrightStor Hierarchical Storage Manager CsAgent Multiple Vulnerabilities
 
Title: [CAID 35690, 35691, 35692]: CA BrightStor Hierarchical
Storage Manager CsAgent Multiple Vulnerabilities
 
CA Vuln ID (CAID): 35690, 35691, 35692
 
CA Advisory Date: 2007-09-26
 
Reported By: Sean Larsson, iDefense Labs
             anonymous researcher working with the iDefense VCP
             Aaron Portnoy of DV Labs (dvlabs.tippingpoint.com)
 
Impact: A remote attacker can execute arbitrary code or cause a
denial of service condition.
 
Summary: Multiple vulnerabilities exist in the CsAgent service
that can allow a remote attacker to execute arbitrary code or
cause a denial of service condition. The first set of
vulnerabilities, CVE-2007-5082, occurs due to insufficient bounds
checking in multiple CsAgent service commands. The second set of
vulnerabilities, CVE-2007-5083, occurs due to insufficient
validation of integer values in multiple CsAgent service commands,
which can lead to buffer overflow. The third set of
vulnerabilities, CVE-2007-5084, occurs due to insufficient
validation of strings used in SQL statements in multiple CsAgent
service commands.
 
Mitigating Factors:
None
 
Severity: CA has given these vulnerabilities a maximum risk rating
of High.
 
Affected Products:
CA BrightStor Hierarchical Storage Manager r11.5
 
Affected Platforms:
Windows
 
Status and Recommendation:
CA has provided an update to address the vulnerabilities. Upgrade
to BrightStor Hierarchical Storage Manager r11.6.
BrightStor Hierarchical Storage Manager r11.6:
http://supportconnectw.ca.com/premium/bstorhsm/downloads/BHSMr11_6.zip
 
How to determine if you are affected:
Run the BrightStor HSM Administrator GUI and open Help->About from
the toolbar to view the version. If the version is less than 11.6,
the installation is vulnerable.
 
Workaround: None
 
References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
CA BrightStor Hierarchical Storage Manager CsAgent Security Notice
http://supportconnectw.ca.com/public/bstorhsm/infodocs/bstorhsm-secnot.asp
Solution Document Reference APARs:
n/a
CA Security Advisor posting:
CA BrightStor Hierarchical Storage Manager CsAgent Multiple
Vulnerabilities
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156444
CA Vuln ID (CAID): 35690, 35691, 35692
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35690
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35691
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35692
Reported By: Sean Larsson, iDefense Labs; an anonymous researcher
working with the iDefense VCP; Aaron Portnoy of DV Labs
(dvlabs.tippingpoint.com)
iDefense advisory:
http://labs.idefense.com/intelligence/vulnerabilities/
ZDI advisory:
http://www.zerodayinitiative.com/advisories.html
CVE References:
CVE-2007-5082, CVE-2007-5083, CVE-2007-5084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5084
OSVDB References: Pending
http://osvdb.org/
 
Changelog for this advisory:
v1.0 - Initial Release
 
Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.
 
For technical questions or comments related to this advisory,
please send email to vuln AT ca DOT com.
 
If you discover a vulnerability in CA products, please report your
findings to vuln AT ca DOT com, or utilize our "Submit a
Vulnerability" form.
URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx
 
 
Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
 
CA, 1 CA Plaza, Islandia, NY 11749
 
Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2007 CA. All rights reserved.
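The three defect classes named above (missing bounds checks on a command, an unvalidated integer length that reaches a copy, and an unvalidated string dropped into a SQL statement) are easiest to recognise side by side in code. What follows is an added illustration written for this page; it is not CsAgent's code, CA's fix, or the real CsAgent wire format. The command layout (a 4-byte little-endian length prefix followed by the payload), the 64-byte destination buffer, the hsm_files table and its columns, and every function name are assumptions made for the example.

```c
/* Added example for this page: models the three CsAgent defect classes the
 * advisory describes. Hypothetical framing (length-prefixed command,
 * hsm_files table); none of this is CA's code or CsAgent's wire format. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_MAX 64   /* assumed fixed-size destination buffer */

/* Read a 4-byte little-endian length prefix. */
static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern (CVE-2007-5083 class): the length is treated as signed
 * and only compared against the destination size. 0xFFFFFFF0 reads as -16,
 * passes the check, and memcpy receives a huge size_t. It also never checks
 * the bytes actually present (CVE-2007-5082 class). Kept for contrast only;
 * do not feed it untrusted input. */
int copy_payload_unchecked(const uint8_t *msg, size_t msg_len,
                           uint8_t out[PAYLOAD_MAX]) {
    if (msg_len < 4) return -1;
    int32_t declared = (int32_t)rd_le32(msg);
    if (declared > PAYLOAD_MAX) return -1;     /* negative values pass */
    memcpy(out, msg + 4, (size_t)declared);    /* unbounded by msg_len */
    return declared;
}

/* Hardened pattern: unsigned length bounded by both the destination buffer
 * and the bytes actually present after the prefix. Returns bytes copied,
 * or -1 on a malformed command. */
int copy_payload_checked(const uint8_t *msg, size_t msg_len,
                         uint8_t out[PAYLOAD_MAX]) {
    if (msg_len < 4) return -1;
    uint32_t declared = rd_le32(msg);
    if (declared > PAYLOAD_MAX) return -1;     /* destination bound */
    if (declared > msg_len - 4) return -1;     /* source bound; msg_len >= 4, no wrap */
    memcpy(out, msg + 4, declared);
    return (int)declared;
}

/* SQL pattern (CVE-2007-5084 class): a command argument that lands inside a
 * string literal. Doubling single quotes and refusing control bytes is the
 * minimum; binding the value as a parameter of a prepared statement is the
 * proper fix. Returns 0 on success, -1 if the input is rejected or the
 * query would not fit in out. */
int build_lookup_query(char *out, size_t out_sz, const char *name) {
    const char *prefix = "SELECT path FROM hsm_files WHERE name = '";
    size_t n = strlen(prefix);
    if (n + 2 > out_sz) return -1;             /* room for closing quote + NUL */
    memcpy(out, prefix, n);
    for (const unsigned char *p = (const unsigned char *)name; *p; p++) {
        if (*p < 0x20) return -1;              /* reject control characters */
        if (n + 4 > out_sz) return -1;         /* up to 2 bytes now + 2 at the end */
        out[n++] = (char)*p;
        if (*p == '\'') out[n++] = '\'';       /* escape the literal delimiter */
    }
    out[n++] = '\'';
    out[n] = '\0';
    return 0;
}

int main(void) {
    /* Constructed sample commands, not captured traffic. */
    static const uint8_t good[] = {4, 0, 0, 0, 'a', 'b', 'c', 'd'};
    static const uint8_t lying[] = {0xF0, 0xFF, 0xFF, 0xFF, 'a', 'b', 'c', 'd'};
    uint8_t out[PAYLOAD_MAX];
    char query[128];

    printf("good command copied: %d bytes\n",
           copy_payload_checked(good, sizeof good, out));
    printf("0xFFFFFFF0 length rejected: %d\n",
           copy_payload_checked(lying, sizeof lying, out));
    if (build_lookup_query(query, sizeof query, "x' OR 1=1 --") == 0)
        printf("%s\n", query);
    return 0;
}
```

The -1 paths are what a fuzzing harness aimed at a length-prefixed service should be able to reach: a declared length larger than the destination, larger than the bytes on the wire, or with the top bit set. In the real service the advisory describes, the equivalent missing checks are what let a crafted command crash CsAgent or run code with that service's privileges, and the SQL case is why a quote in an argument must never reach the statement unescaped.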