CA ARCserve Backup tape engine denial of service (MSRPC_ARCserve_TapeEngine_CreateJobHandle_DoS)

About this signature or vulnerability

IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, IBM Security Network Protection, Proventia Network IPS, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware, IBM Security Host Protection for Servers (Unix), Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network MFS, IBM Security Host Protection for Desktops:

This signature looks for an RPC message for CA BrightStor ARCserve Backup Tape Engine (UUID 62b93df0-8b02-11ce-876c-00805f842837) with specially-crafted data, which can exploit a vulnerability to cause service to crash.


Default risk level

Medium risk vulnerability  Medium

Sensors that have this signature

IBM Security Host Protection for Servers (Windows): 2.1.14.2760, RealSecure Server Sensor: XPU 32.050, IBM Security Network Protection: 5.1, Proventia Network IPS: XPU 32.050, Proventia Server IPS for Linux technology: 32.050, Virtual Server Protection for Vmware: XPU 32.050, IBM Security Host Protection for Servers (Unix): 2.2.2, Proventia Network IDS: XPU 32.050, Proventia-G 1.1 and earlier: XPU 32.050, Proventia Network MFS: XPU 32.050, IBM Security Host Protection for Desktops: 2760

Systems affected

CA BrightStor ARCserve Backup: 11.1, CA Server Protection Suite: 2, CA Business Protection Suite: 2.0, CA BrightStor ARCserve Backup: 11.5, CA Business Protection Suite for Microsoft Small Business Server: 2 Standard, CA Business Protection Suite for Microsoft Small Business Server: 2 Premium, CA ARCserve Backup: 12.0

Type

Denial of Service

Vulnerability description

CA ARCserve Backup is vulnerable to a denial of service, caused by improper validation by the tape engine service (asdbapi.dll). By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the service to crash.

How to remove this vulnerability

Refer to CA Security Advisory Vulnerability ID: 188143 for patch, upgrade or suggested workaround information. See References.

References

CA Security Advisory Vulnerability ID: 188143
Security Notice for CA ARCserve Backup
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143

ISS X-Force
CA ARCserve Backup tape engine denial of service
http://www.iss.net/security_center/static/45775.php

CVE
CVE-2008-4398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4398