             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                           BrightStor ARCserve Backup

December 11, 2006 19:00 GMT                                       Number R-070
______________________________________________________________________________
PROBLEM:       This vulnerability involves an overflow condition that can 
               allow arbitrary code to be executed remotely with local SYSTEM 
               privileges on Windows. 
PLATFORM:      BrightStor ARCserve Backup r11.5 SP1 and below (SP2 does not 
               have this vulnerability; please apply 11.5 SP2) 
               BrightStor ARCserve Backup r11.1 
               BrightStor ARCserve Backup for Windows r11 
               BrightStor Enterprise Backup r10.5 
               BrightStor ARCserve Backup v9.01 
               CA Server Protection Suite r2 
               CA Business Protection Suite r2 
               CA Business Protection Suite for Microsoft Small Business Server 
               Standard Edition r2 
               CA Business Protection Suite for Microsoft Small Business Server 
               Premium Edition r2 
DAMAGE:        Could be exploited by remote attackers to cause a denial of 
               service or take complete control of an affected system. 
SOLUTION:      Apply current patches. 
______________________________________________________________________________
VULNERABILITY  The risk is HIGH. Could allow a remote attacker to gain root 
ASSESSMENT:    privileges. 
______________________________________________________________________________
LINKS: 
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/r-070.shtml 
 ORIGINAL BULLETIN:  http://supportconnectw.ca.com/public/storage/infodocs/babsecurity-notice.asp
______________________________________________________________________________

[******  Start BrightStor ARCserve Backup ******]

Important Security Notice for BrightStor ARCserve Backup

December 08, 2006

CA's Technical Support is alerting customers to a security risk associated with BrightStor ARCserve Backup. Researchers at Assurent (www.assurent.com) detected an exploitable problem and reported the vulnerability to CA. We have been working with them to understand the nature of the problem and to make certain that the provided remedy addresses the problem.

CA has confirmed the presence of this vulnerability and has completed development of the update that provides protection against it. Upon completion of quality assurance testing, the update will be released and made available to CA customers on December 7, 2006.

This vulnerability involves an overflow condition that can allow arbitrary code to be executed remotely with local SYSTEM privileges on Windows. This issue affects the BrightStor Backup Discovery Service in multiple BrightStor ARCserve Backup application agents and the Base product.

Customers with vulnerable versions of the BrightStor ARCserve Backup products should upgrade to the latest versions, which will be available for download from supportconnect.ca.com on or before December 7.

Affected products:

BrightStor Products
    BrightStor ARCserve Backup r11.5 SP1 and below (SP2 does not have this vulnerability; please apply 11.5 SP2)
    BrightStor ARCserve Backup r11.1
    BrightStor ARCserve Backup for Windows r11
    BrightStor Enterprise Backup r10.5
    BrightStor ARCserve Backup v9.01

CA Protection Suites r2
    CA Server Protection Suite r2
    CA Business Protection Suite r2
    CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
    CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

Affected platforms:

Windows

Prerequisite conditions for the vulnerability to be exploitable:

None

Fixes to apply:

BAB r11.5 SP2 - SP2 does not contain the vulnerability; there is no fix to apply.
BAB r11.5 SP1 and below - QO81201
BAB r11.1 - QO84609
BAB r11.0 - QI82917
BEB r10.5 - QO84611
BAB v9.01 - QO84610

Should you require additional information, please contact CA Technical Support at supportconnect.ca.com.

[******  End BrightStor ARCserve Backup ******]

_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of CA for the 
information contained in this bulletin.
_______________________________________________________________________________


CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://www.ciac.org/
   Anonymous FTP:       ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.
