CA Alert Notification Server service (Alert.exe) buffer overflow
ca-alertnotificationserver-bo (41639)
Description:
The Computer Associates (CA) Alert Notification Service (Alert.exe), which is used in multiple CA products, is vulnerable to multiple stack-based buffer overflows. By sending a specially crafted RPC request, a remote authenticated attacker could overflow a buffer and either execute arbitrary code on the system with elevated privileges or cause the service to crash.
Platforms Affected:
- CA, Anti-Virus for the Enterprise 7.1
- CA, Anti-Virus for the Enterprise 8
- CA, Anti-Virus for the Enterprise 8.1
- CA, BrightStor ARCserve Backup 11.0
- CA, BrightStor ARCserve Backup 11.1
- CA, BrightStor ARCserve Backup 11.5
- CA, Threat Manager 8 Enterprise
- CA, Threat Manager 8.1 Enterprise
Remedy:
Refer to the CA Web site for patch, upgrade or suggested workaround information. See References.
Consequences:
Gain Access
References:
- CA Security Response Blog, 2008-04-03, CA Alert Notification Server Multiple Vulnerabilities at http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx.
- CA Web site, Security Notice for Alert Notification Server at https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103.
- iDefense Labs PUBLIC ADVISORY: 04.03.08, Computer Associates Alert Notification Service Multiple RPC Buffer Overflow Vulnerabilities at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679.
- BID-28605: Computer Associates Alert Notification Server Multiple Remote Buffer Overflow Vulnerabilities
- CVE-2007-4620: Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.
- FrSIRT/ADV-2008-1103: CA Multiple Product Alert Notification Server Buffer Overflow Vulnerabilities
- SA29665: CA Products Alert Notification Server Multiple Vulnerabilities
- SECTRACK ID: 1019789: CA Threat Manager Buffer Overflows in 'Alert.exe' Let Remote Authenticated Users Execute Arbitrary Code
- SECTRACK ID: 1019790: BrightStor ARCserve Backup Buffer Overflows in 'Alert.exe' Let Remote Authenticated Users Execute Arbitrary Code
Reported:
Apr 03, 2008
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
