10 - VU#739409

Executive Summary

Summary
Title	Computer Associates Anti-Virus engine fails to properly handle long file names in CAB archives

Informations
Name	VU#739409	First vendor Publication	2007-06-06
Vendor	VU-CERT	Last vendor Modification	2007-06-06
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#739409

Computer Associates Anti-Virus engine fails to properly handle long file names in CAB archives

Overview

The Computer Associates Anti-Virus engine contains a stack-based buffer overflow that may allow a remote, unauthenticated attacker to execute arbitrary code.

I. Description

The Computer Associates Anti-Virus engine contains a stack-based buffer overflow in the code responsible for processing CAB archives. Specifically, the Computer Associates Anti-Virus engine fails to properly validate the size of the file names contained in CAB archives. This may allow a stack-based buffer overflow to occur.

This vulnerability affects numerous Computer Associates products, including:

CA Anti-Virus
eTrust EZ Antivirus
CA Internet Security Suite 2007
eTrust Internet Security Suite
eTrust EZ Armor
CA Threat Manager
CA Protection Suites
CA Secure Content Manager
CA Anti-Virus Gateway
Unicenter Network and Systems Management
BrightStor ARCserve Backup
CA Common Services
CA Anti-Virus SDK (formerly eTrust Anti-Virus SDK)

More information is available in the Computer Associates Security Notice issued June 5th, 2007.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition..

III. Solution

Apply an Update

According to the Computer Associates Security Notice issued June 5th, 2007:

CA has issued content update 30.6 to address the vulnerabilities. The updated engine is provided with content updates. Ensure the latest content update is installed if the signature version is less than version 30.6.

Systems Affected

Vendor	Status	Date Updated
Computer Associates	Vulnerable	6-Jun-2007

References

http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp
http://www.zerodayinitiative.com/advisories/ZDI-07-034.html
http://secunia.com/advisories/25570/

Credit

This vulnerability was reported by in Tipping Point advisory ZDI-07-035.

This document was written by Jeff Gennari.

Other Information

Date Public	06/05/2007
Date First Published	06/06/2007 01:53:44 PM
Date Last Updated	06/06/2007
CERT Advisory
CVE Name	CVE-2007-2863
Metric	0.00
Document Revision	9

Original Source

Url : http://www.kb.cert.org/vuls/id/739409

CPE : Common Platform Enumeration

Type	Description	Count
Application	Broadcom Anti-Virus For The Enterprise cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:::::::*	1
Application	Broadcom Brightstor Arcserve Backup cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:::::::* cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:::::::* cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:::::::*	3
Application	Broadcom Brightstor Enterprise Backup cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:::::::*	1
Application	Broadcom Common Services cpe:2.3:a:broadcom:common_services:3.0:::::::* cpe:2.3:a:broadcom:common_services:2.2:::::::* cpe:2.3:a:broadcom:common_services:2.1:::::::* cpe:2.3:a:broadcom:common_services:2.0:::::::* cpe:2.3:a:broadcom:common_services:1.1:::::::* cpe:2.3:a:broadcom:common_services:1.0:::::::*	6
Application	Ca Anti-Virus For The Enterprise cpe:2.3:a:ca:anti-virus_for_the_enterprise:8::enterprise:::::	1
Application	Ca Brightstor Arcserve Backup cpe:2.3:a:ca:brightstor_arcserve_backup:11::windows:::::	1