Computer Associates (CA) Arclib library CHM denial of service

ca-arclib-chm-dos (35573)

Low Risk

Description:

Multiple CA applications are vulnerable to a denial of service, caused by an error in the Arclib library. By persuading a victim to scan a specially-crafted CHM archive, a remote attacker could cause the scanning engine to enter an infinite loop, resulting in a denial of service.

Platforms Affected:

• CA, Anti-Spyware 2007
• CA, Anti-Virus 2007 8.0
• CA, Anti-Virus for the Enterprise 7.0
• CA, Anti-Virus for the Enterprise 7.1
• CA, Anti-Virus for the Enterprise 8
• CA, Anti-Virus for the Enterprise 8.1
• CA, Anti-Virus Gateway 7.1
• CA, AntiSpyware for the Enterprise 8
• CA, AntiSpyware for the Enterprise 8.1
• CA, AntiVirus SDK
• CA, BrightStor ARCserve Backup 10.5
• CA, BrightStor ARCserve Backup 11.1
• CA, BrightStor ARCserve Backup 11.5
• CA, BrightStor ARCserve Backup 9.01
• CA, BrightStor ARCserve Backup for Windows 11
• CA, BrightStor ARCserve Client
• CA, Common Services 11
• CA, Common Services 11.1
• CA, eTrust EZ Antivirus 6.1
• CA, eTrust EZ Antivirus 7.0
• CA, eTrust EZ Armor 1
• CA, eTrust EZ Armor 2.0
• CA, eTrust EZ Armor 3
• CA, eTrust Internet Security Suite 1
• CA, eTrust Internet Security Suite 2
• CA, eTrust Intrusion Detection 2.0 SP1
• CA, eTrust Intrusion Detection 3.0
• CA, eTrust Intrusion Detection 3.0 SP1
• CA, Internet Security Suite 2007
• CA, Protection Suites 2
• CA, Protection Suites 3.0
• CA, Secure Content Manager 1.1
• CA, Secure Content Manager 8.0
• CA, Threat Manager 8 Enterprise
• CA, Unicenter NSM 11
• CA, Unicenter NSM 11.1
• CA, Unicenter NSM 3.0
• CA, Unicenter NSM 3.1

Remedy:

Refer to CA SupportConnect July 24th, 2007 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Denial of Service

References:

• CA SupportConnect July 24th, 2007, Security Notice for CA products containing Arclib at http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp.
• iDefense Labs PUBLIC ADVISORY: 07.24.07, Computer Associates AntiVirus CHM File Handling DoS Vulnerability at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567.
• n.runs-SA-2007.024 , CA eTrust Antivirus Infinite Loop DoS Advisory at http://www.nruns.com/security_advisory_ca_etrust_chm_infinite_loop_dos.php.
• BID-25049: Computer Associates Multiple Products Arclib.DLL Malformed CHM File Denial Of Service Vulnerability
• CVE-2007-3875: arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid previous listing chunk number field in a CHM file.
• FrSIRT/ADV-2007-2639: CA Products Arclib Library CHM and RAR File Handling Denial of Service Issues
• SA26155: CA Products CHM and RAR File Processing Denial of Service Vulnerabilities
• SECTRACK ID: 1018450: eTrust Antivirus Bugs in Arclib Library Let Remote Users Deny Service

Reported:

Jul 24, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page