Executive Summary

Summary
Title: CA ARCserve Backup authentication service denial-of-service vulnerability
Information
Name: VU#408099 | First vendor Publication: 2012-10-30
Vendor: VU-CERT | Last vendor Modification: 2012-10-30
Severity (Vendor): N/A | Revision: M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA | Environmental Score: NA
Impact SubScore: NA | Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score: 5 | Attack Range: Network
Cvss Impact Score: 2.9 | Attack Complexity: Low
Cvss Exploit Score: 10 | Authentication: None Required

Detail

Vulnerability Note VU#408099

CA ARCserve Backup authentication service denial-of-service vulnerability

Original Release date: 30 Oct 2012 | Last revised: 30 Oct 2012

Overview

The CA ARCserve Backup authentication service, caauthd.exe, is susceptible to a denial-of-service vulnerability. CA ARCserve Backup r16 SP1 was reported to be vulnerable.

Description

The Offensive Security advisory states:

    By specifying an invalid field size for the encrypted username or password in a crafted RPC packet, the authentication service performs an invalid pointer dereference while trying to decrypt the character string. Authentication is not required to trigger the vulnerability and successful exploitation of this vulnerability for the caauthd.exe process will lead to a denial of service.

Additional details may be found in CA20121018-01: Security Notice for CA ARCserve Backup.

Impact

An unauthenticated remote attacker may be able to trigger a denial-of-service condition.

Solution

Apply a Patch

  • CA ARCserve Backup for Windows r12.5: apply patch RO49917
  • CA ARCserve Backup for Windows r15: apply patch RO49916
  • CA ARCserve Backup for Windows r16: apply patch RO49750

If you cannot patch for whatever reason, please consider the following workarounds.

Restrict access

As a general good security practice, only allow connections from trusted hosts and networks.

Vendor Information

Vendor | Status | Date Notified | Date Updated
CA Technologies | Affected | 11 Jul 2012 | 31 Aug 2012

CVSS Metrics

Group | Score | Vector
Base | 7.8 | AV:N/AC:L/Au:N/C:N/I:N/A:C
Temporal | 6.1 | E:POC/RL:OF/RC:C
Environmental | 6.1 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

  • https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={F9EEA31E-8089-423E-B746-41B5C9DD2AC1}

Credit

Thanks to Matteo Memelli of Offensive Security for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2012-2972
  • Date Public: 31 Aug 2012
  • Date First Published: 30 Oct 2012
  • Date Last Updated: 30 Oct 2012
  • Document Revision: 22



This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

Original Source

Url : http://www.kb.cert.org/vuls/id/408099

CWE : Common Weakness Enumeration

% | Id | Name
100 % | CWE-20 | Improper Input Validation

OpenVAS Exploits

Date | Description
2012-11-20 | Name : CA ARCserve Backup RPC Services Multiple Vulnerabilities (Windows)
           | File : nvt/gb_ca_arcserve_backup_rpc_services_mult_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

Date | Description
2012-10-25 | IAVM : 2012-B-0106 - Multiple Vulnerabilities in Computer Associates ARCserve Backup
           | Severity : Category I - VMSKEY : V0034512

Nessus® Vulnerability Scanner

Date | Description
2012-11-05 | Name : The remote host has a backup application installed that is affected by multip...
           | File : arcserve_backup_ca20121018.nasl - Type : ACT_GATHER_INFO