Support Content Notification - Support Portal

Security Notice for CA ARCserve Backup Tape Engine and Portmapper

Product/Component

Notification Id

1892

Last Updated

24 May 2019

Initial Publication Date

24 May 2019

Status

OPEN

Severity

CVSS Base Score

WorkAround

Affected CVE

Last Updated: March 20, 2007

CA's customer support is alerting customers to multiple security risks with CA ARCserve Backup. Four vulnerabilities exist that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.

The first vulnerability, CVE-2006-6076, is due to insufficient bounds checking in the Tape Engine, which can result in a buffer overflow and arbitrary code execution.

The second vulnerability, CVE-2007-0816, concerns how invalid parameters are handled by the portmapper (catirpc.dll) service. By sending a specially malformed request, a remote attacker can crash the service.

The third vulnerability, CVE-2007-1447, is due to a memory corruption occurring with the processing of RPC procedure arguments by the Tape Engine. The vulnerability can result in a denial of service, but potentially can be used to execute arbitrary code.

The fourth vulnerability, CVE-2007-1448, is due to the presence of a RPC function that when called, will disable the Tape Engine interface. A remote attacker can make a request that will effectively shut down Tape Engine functionality.

Risk Rating

High

Affected Products

CA ARCserve Backup r11.5
CA ARCserve Backup r11.1
CA ARCserve Backup r11 for Windows
BrightStor Enterprise Backup r10.5
CA ARCserve Backup v9.01
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

How to determine if the installation is affected

Using Windows Explorer, locate the files "tapeng.dll" and "catirpc.dll". By default, the files are located in the "C:Program FilesCABrightStor ARCserve Backup" directory.
Right click on each of the files and select Properties.
Select the General tab.

If either file timestamp is earlier than indicated in the below table, the installation is vulnerable.

File Name	Timestamp	File Size
catirpc.dll	02/12/2007 10:55:14	102400 bytes
tapeeng.dll	02/02/2007 17:05:00	876627 bytes

Solution

CA has issued the following patches to address the vulnerabilities.

CA ARCserve Backup r11.5 - QO86255
CA ARCserve Backup r11.1 - QO86926
CA ARCserve Backup r11.0 - QI82917
BrightStor Enterprise Backup r10.5 - QO86259
CA ARCserve Backup v9.01 - QO86260

Workaround

To reduce exposure, block unauthorized access to ports 6502 (TCP) and 111 (UDP).

References

CVE-2006-6076 Tape Engine buffer overflow
CVE-2007-0816 catirpc.dll denial of service
CVE-2007-1447 Tape Engine memory corruption
CVE-2007-1448 Disable Tape Engine

Acknowledgement

CA would like to thank McAfee for reporting issues CVE-2006-6076, CVE-2007-1447, and CVE-2007-1448.

If additional information is required, please contact CA Technical Support at https://support.ca.com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form at http://www3.ca.com/securityadvisor/vulninfo/submit.aspx.