Risk
3/28/2008
08:44 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

CA Customers Newly Targeted

While most software exploits target end users and end-point applications, this one is aiming squarely at corporate users.

While most software exploits target end users and end-point applications, this one is aiming squarely at corporate users.Just last week researchers started warning about a single vulnerability that affects a large number of CA (the software vendor formally known as Computer Associates) products, from CA BrightStor ARCServe Backup through various Unicenter apps.

According to a security bulletin published by FrSIRT, the flaw in question is critical, and can lead to denial-of-service attacks and even the commandeering of the targeted system.

BTW - the error that makes all of this fun possible is (yet another) buffer overflow. (Maybe we should all start writing our representatives and demand that there be a federal "Developers: Check Your Inputs Day." It might help build some much needed awareness on a very old problem.)

This vulnerability is a big deal by itself, first because of the huge install-base of the affected products, and second because of the nature of these applications. Being able to compromise one of these systems in a corporation could make a quick stepping-stone to more crucial servers - especially considering how mushy-gushy most corporate network security is deep behind the DMZ.

What makes it more interesting, as Roger Thompson points out over at Exploit Prevention Labs is that a working attack exploit has been added to the NeoSploit attack framework.

CA has issued a patch.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2010-5075
Published: 2014-12-27
Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW.

CVE-2011-4720
Published: 2014-12-27
Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation.

CVE-2011-4722
Published: 2014-12-27
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.

CVE-2012-1203
Published: 2014-12-27
Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts via a save_user action.

CVE-2012-1302
Published: 2014-12-27
Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or (3) the data_file parameter to amtimeline.swf.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.