CA ARCserve Backup tape engine denial of service (MSRPC_ARCserve_TapeEngine_CreateJobHandle_DoS)

About this signature or vulnerability

IBM Security Network Protection, Proventia Server IPS for Linux technology, Proventia Network IPS, IBM Security Host Protection for Servers (Unix), Virtual Server Protection for Vmware, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Host Protection for Desktops, RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows), Proventia Network MFS:

This signature looks for an RPC message for CA BrightStor ARCserve Backup Tape Engine (UUID 62b93df0-8b02-11ce-876c-00805f842837) with specially-crafted data, which can exploit a vulnerability to cause service to crash.


Default risk level

Medium risk vulnerability  Medium

Sensors that have this signature

IBM Security Network Protection: 5.1, Proventia Server IPS for Linux technology: 32.050, Proventia Network IPS: XPU 32.050, IBM Security Host Protection for Servers (Unix): 2.2.2, Virtual Server Protection for Vmware: XPU 32.050, Proventia-G 1.1 and earlier: XPU 32.050, Proventia Network IDS: XPU 32.050, IBM Security Host Protection for Desktops: 2760, RealSecure Server Sensor: XPU 32.050, IBM Security Host Protection for Servers (Windows): 2.1.14.2760, Proventia Network MFS: XPU 32.050

Systems affected

CA ARCserve Backup: 12.0, CA BrightStor ARCserve Backup: 11.1, CA Business Protection Suite: 2.0, CA Server Protection Suite: 2, CA BrightStor ARCserve Backup: 11.5, CA Business Protection Suite for Microsoft Small Business Server: 2 Standard, CA Business Protection Suite for Microsoft Small Business Server: 2 Premium

Type

Denial of Service

Vulnerability description

CA ARCserve Backup is vulnerable to a denial of service, caused by improper validation by the tape engine service (asdbapi.dll). By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the service to crash.

How to remove this vulnerability

Refer to CA Security Advisory Vulnerability ID: 188143 for patch, upgrade or suggested workaround information. See References.

References

CA Security Advisory Vulnerability ID: 188143
Security Notice for CA ARCserve Backup
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143

ISS X-Force
CA ARCserve Backup tape engine denial of service
http://www.iss.net/security_center/static/45775.php

CVE
CVE-2008-4398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4398