Check Point Advisories

CA BrightStor ARCserve Backup Message Engine Insecure Methods (CVE-2007-5328)

Check Point Reference: CPAI-2007-334
Date Published: 14 Oct 2009
Severity: Critical
Last Updated: Tuesday 22 November, 2011
Source:
Industry Reference: CVE-2007-5328
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description

CA BrightStor ARCserve Backup products offer data protection for distributed servers, clients, databases and applications. They provide centralized control over a series of distributed operations including Backup and Restore, Data Migration, and Threat Management. The Message Engine service of the CA BrightStor Backup product exposes unsecured Remote Procedure Call (RPC) methods. An unauthenticated remote attacker can exploit this vulnerability by sending malicious requests to the affected interface. A successful attack could allow file system and registry manipulation that leads to complete compromise of the target system: the unauthorized attacker can execute System-privileged commands on the target host. These commands relate to file system and registry access and modification, for example, deleting a file from the file system.

Protection Overview

This protection will detect and block the vulnerable RPC methods. A recommended configuration, after activating this protection, is to create Network Exception rules (which can be configured per IPS protection) that deactivate the protection on connections coming from trusted IPs and Network Objects.

To activate the protection, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click the Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections, find the CA BrightStor ARCserve Backup Message Engine Insecure Methods protection using the Search tool, and edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  CA Products Enforcement Violation.
Attack Information:  CA BrightStor ARCserve Backup message engine insecure methods
