History: Nov 09, 2009 - 12:00 a.m.

KLA10094 DoS vulnerabilities in CA products

2009-11-09 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 9.3 High

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score: 7.8 High (Confidence: Low)

EPSS: 0.204 Low (Percentile: 96.4%)

An unspecified vulnerability was found in CA products. By exploiting this vulnerability, malicious users can cause a denial of service or possibly execute arbitrary code. The vulnerability can be exploited over the network, through a vector related to arclib, via a specially crafted RAR archive.

Original advisories

CA bulletin

Related products

eTrust-Antivirus

eTrust-InoculateIT-6.x-for-Windows

BrightStor-ARCserve-Backup

CA-Anti-Virus-2008

CA-Internet-Security-Suite

CA-Integrated-Threat-Management-r8

BrightStor-ARCserve

CVE list

CVE-2009-3587 critical

CVE-2009-3588 warning

Solution

Update to the latest version

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute arbitrary code or commands on the vulnerable machine or in the vulnerable process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to a loss of system availability or a critical functional fault.

Affected Products

  • CA Anti-Virus for the Enterprise versions 7.1, 8, 8.1
  • CA Anti-Virus versions 2007, 2008, 2009
  • CA Anti-Virus Plus version 2009
  • CA Internet Security Suite versions 2007, 2008
  • CA Internet Security Suite Plus versions 2008, 2009
  • CA Threat Manager for the Enterprise versions 8, 8.1
  • CA Threat Manager Total Defense
  • CA Gateway Security version 8.1
  • CA Protection Suites versions 2, 3, 3.1
  • CA Secure Content Manager 1.1, 8.0
  • CA Network and Systems Management versions 3.0, 3.1, 11, 11.1
  • CA ARCserve Backup versions 11.5, 12, 12.0 SP1, 12.0 SP2, 12.5 for Windows
  • CA ARCserve Backup version 11.5 for Linux
  • CA ARCserve for Windows Client Agent
  • CA ARCserve for Windows Server component
  • CA eTrust Intrusion Detection versions 2.0 SP1, 3.0, 3.0 SP1
  • CA Common Services versions 3.1, 11, 11.1
  • CA Anti-Virus SDK
  • CA Anti-Virus Gateway 7.1
