Support Content Notification - Support Portal

Security Notice for Alert Notification Server

Product/Component

Notification Id

1883

Last Updated

17 October 2016

Initial Publication Date

17 October 2016

Status

OPEN

Severity

CVSS Base Score

WorkAround

Affected CVE

Issued: April 03, 2008

CA's Technical support is alerting customers to security risks in products that use the Alert Notification Server service. Multiple vulnerabilities exist that can allow a remote authenticated attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities.

The vulnerabilities, CVE-2007-4620, are due to insufficient bounds checking in multiple procedures. A remote authenticated attacker or local user can exploit a buffer overflow to execute arbitrary code or cause a denial of service.

Risk Rating

High

Affected Products

CA Anti-Virus for the Enterprise 7.1
CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8
CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8.1
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows

How to determine if the installation is affected

For products on Windows:

Using Windows Explorer, locate the file "alert.exe". By default, the file is located in the "C:Program FilesCASharedComponentsAlert" directory.
Right click on the file and select Properties.
Select the Version tab.
If the file version is earlier than indicated in the below table, the installation is vulnerable.

Product	File	Version
CA Anti-Virus for the Enterprise r8.1, CA Threat Manager for the Enterprise 8.1	Alert.exe	8.1.586.0
CA Threat Manager for the Enterprise r8	Alert.exe	8.0.450.0
CA Anti-Virus for the Enterprise 7.1, CA Anti-Virus for the Enterprise r8, BrightStor ARCserve Backup r11.5, BrightStor ARCserve Backup r11.1	Alert.exe	7.1.758.0

Solution

CA has provided updates to address the vulnerabilities.

CA Anti-Virus for the Enterprise 7.1, CA Anti-Virus for the Enterprise r8:
QO96079

CA Threat Manager for the Enterprise r8:
QO96387

CA Anti-Virus for the Enterprise r8.1, CA Threat Manager for the Enterprise r8.1:
QO96080

BrightStor ARCserve Backup r11.5, BrightStor ARCserve Backup r11.1:
QO96079

BrightStor ARCserve Backup r11.0:
Upgrade to 11.1 and apply the latest patches.

Workaround

None

References

CVE-2007-4620 - Multiple Alert Notification Server buffer overflows

Acknowledgements

CVE-2007-4620 - An anonymous researcher working with the iDefense VCP

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technical Support at http://support.ca.com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form at http://support.ca.com/us/product-content/recommended-reading/security-notices/contact-information-for-ca-product-vulnerability-response-team.html.