Security Notice for CA ARCserve Backup Tape Engine and Portmapper
24 May 2019
Last Updated: March 20, 2007
CA's customer support is alerting customers to multiple security risks with CA ARCserve Backup. Four vulnerabilities exist that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.
The first vulnerability, CVE-2006-6076, is due to insufficient bounds checking in the Tape Engine, which can result in a buffer overflow and arbitrary code execution.
The second vulnerability, CVE-2007-0816, concerns how invalid parameters are handled by the portmapper (catirpc.dll) service. By sending a specially malformed request, a remote attacker can crash the service.
The third vulnerability, CVE-2007-1447, is due to memory corruption during the processing of RPC procedure arguments by the Tape Engine. The vulnerability can result in a denial of service, but potentially can be used to execute arbitrary code.
The fourth vulnerability, CVE-2007-1448, is due to the presence of an RPC function that, when called, disables the Tape Engine interface. A remote attacker can make a request that will effectively shut down Tape Engine functionality.
Affected products:
- CA ARCserve Backup r11.5
- CA ARCserve Backup r11.1
- CA ARCserve Backup r11 for Windows
- BrightStor Enterprise Backup r10.5
- CA ARCserve Backup v9.01
- CA Server Protection Suite r2
- CA Business Protection Suite r2
- CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
- CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2
How to determine if the installation is affected
- Using Windows Explorer, locate the files "tapeeng.dll" and "catirpc.dll". By default, the files are located in the "C:\Program Files\CA\BrightStor ARCserve Backup" directory.
- Right click on each of the files and select Properties.
- Select the General tab.
- If either file timestamp is earlier than indicated in the below table, the installation is vulnerable.
| File Name | Timestamp | File Size |
| --- | --- | --- |
| catirpc.dll | 02/12/2007 10:55:14 | 102400 bytes |
| tapeeng.dll | 02/02/2007 17:05:00 | 876627 bytes |
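The manual check above can be scripted for fleet-wide use. The following PowerShell is an added example, not CA's own tooling; it assumes the default installation directory from the advisory (override with -InstallDir), compares each file's modified time (the timestamp shown on the Properties > General tab) against the table values, and reports the file size as a secondary hint. The reference timestamps are interpreted in the local time zone of the host running the check, which is an assumption.

```powershell
# Added example (not CA's code): flag tapeeng.dll / catirpc.dll builds older than
# the advisory's patched versions. Exit code 1 means at least one file is vulnerable.
param(
    # Assumed default path from the advisory; pass another path for custom installs.
    [string]$InstallDir = 'C:\Program Files\CA\BrightStor ARCserve Backup'
)

$culture = [System.Globalization.CultureInfo]::InvariantCulture

# Reference values copied from the advisory table (MM/dd/yyyy, local time assumed).
$reference = @{
    'catirpc.dll' = @{
        Timestamp = [datetime]::ParseExact('02/12/2007 10:55:14', 'MM/dd/yyyy HH:mm:ss', $culture)
        Size      = 102400
    }
    'tapeeng.dll' = @{
        Timestamp = [datetime]::ParseExact('02/02/2007 17:05:00', 'MM/dd/yyyy HH:mm:ss', $culture)
        Size      = 876627
    }
}

$vulnerable = $false
foreach ($name in $reference.Keys) {
    $path = Join-Path $InstallDir $name
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "$name : not found under $InstallDir (component may not be installed)"
        continue
    }

    $file = Get-Item -LiteralPath $path
    $ref  = $reference[$name]

    # The advisory's rule: a timestamp earlier than the table value means vulnerable.
    if ($file.LastWriteTime -lt $ref.Timestamp) {
        Write-Output ("{0} : VULNERABLE - modified {1}, patched build is {2}" -f $name, $file.LastWriteTime, $ref.Timestamp)
        $vulnerable = $true
    } else {
        Write-Output ("{0} : OK - modified {1}" -f $name, $file.LastWriteTime)
    }

    # Size is only a hint: a mismatch alone does not prove either outcome.
    if ($file.Length -ne $ref.Size) {
        Write-Output ("{0} : note - size {1} bytes differs from the advisory value of {2} bytes" -f $name, $file.Length, $ref.Size)
    }
}

if ($vulnerable) { exit 1 } else { exit 0 }
```

Run it on each backup server (for example via a remoting job) and collect the exit codes; a non-zero exit identifies hosts that still need the patch.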
CA has issued the following patches to address the vulnerabilities.
To reduce exposure, block unauthorized access to ports 6502 (TCP) and 111 (UDP).
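One way to apply that port restriction on a Windows host, as an added example rather than CA's guidance: limit inbound access to TCP 6502 and UDP 111 to a list of known backup hosts with Windows Firewall. It assumes the NetSecurity cmdlets (Windows 8 / Server 2012 or later) and an elevated session; the trusted addresses are placeholders to be replaced with the real backup servers and clients.

```powershell
# Added example (not CA's code): allow the advisory's ports only from trusted hosts.
# Placeholder addresses (RFC 5737 documentation range); replace with real hosts.
$trustedHosts = @('192.0.2.10', '192.0.2.11')

# Windows Firewall evaluates block rules before allow rules, so a blanket block on
# these ports would also cut off the trusted hosts. Instead rely on the profile's
# default inbound action being Block (the Windows default) and add targeted allows.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

New-NetFirewallRule -DisplayName 'ARCserve Tape Engine TCP 6502 - trusted hosts only' `
    -Direction Inbound -Protocol TCP -LocalPort 6502 `
    -RemoteAddress $trustedHosts -Action Allow

New-NetFirewallRule -DisplayName 'ARCserve portmapper UDP 111 - trusted hosts only' `
    -Direction Inbound -Protocol UDP -LocalPort 111 `
    -RemoteAddress $trustedHosts -Action Allow

# Verification: list any enabled inbound allow rule that still opens either port
# to any remote address, since such a rule would undo the restriction above.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $ports = ($_ | Get-NetFirewallPortFilter).LocalPort
        $addrs = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        ($ports -contains '6502' -or $ports -contains '111') -and ($addrs -contains 'Any')
    } |
    Select-Object DisplayName, Profile
```

Any rule the verification step lists should be reviewed and either removed or narrowed to the same trusted address list; otherwise the broader allow rule leaves the two ports reachable from anywhere.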
If additional information is required, please contact CA Technical Support at https://support.ca.com.
If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form at http://www3.ca.com/securityadvisor/vulninfo/submit.aspx.