Computer Associates Alert Notification Server buffer overflow

Added: 07/19/2007
CVE: CVE-2007-3825
BID: 24947
OSVDB: 36096

Background

The Alert Notification Server is included with multiple Computer Associates products to provide notifications to console users.

Problem

The Alert Notification Server is affected by buffer overflow vulnerabilities in multiple RPC operations allowing remote attackers to execute arbitrary commands.

Resolution

Apply fix QO89817.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=561&gt;
<http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-secnotice.asp&gt;

Limitations

Exploit works on CA BrightStor ARCserve Backup 11.5 and requires a valid login and password.

The Crypt::DES, Digest::MD4, and Digest::MD5 packages are required for performing Windows authentication, which is a requirement for successful exploitation. These packages are available from <http://cpan.org/modules/by-module/&gt;.

Platforms

Windows 2000
Windows Server 2003