
View Full Version : CAID 33756 - DM Deployment Common Component Vulnerabilities



Williams, James K
20/01/06, 03:15
Title: CAID 33756 - DM Deployment Common Component
Vulnerabilities

CA Vulnerability ID: 33756

Discovery Date: 2005-12-20

CA Advisory Date: 2006-01-17

Discovered By: Cengiz Aykanat (CA internal audit), and
Karma[at]DesignFolks[dot]com[dot]au.


Impact: Remote attacker can cause a denial of service condition.


Summary: The following security vulnerability issues have been
identified in the DM Primer part of the DM Deployment Common
Component being distributed with some CA products:
1) A Denial of Service (DoS) vulnerability has been identified in
the handling of unrecognized network messages, which may result
in high CPU utilization and excessive growth of the DM Primer
log file.
2) A Denial of Service (DoS) vulnerability has been identified
with the way in which DM Primer handles receipt of large rogue
network messages, which can result in DM Primer becoming
unresponsive.


Severity: Computer Associates has given this vulnerability a
Medium risk rating.


Mitigating Factors: These vulnerabilities will only be present if
you have utilized the DM Deployment mechanism (bundled with the
affected products) to deploy those products within your
enterprise environment.


Affected Technologies: Please note that the DM Primer component
is not a product, but rather a common component that is included
with multiple products. Vulnerable versions of the DM Primer
component are included in the CA products listed in the Affected
Products section below. DM Primer component versions v1.4.154
and v1.4.155 are vulnerable to these issues. These
vulnerabilities are not present in DM Primer v11.0 or later.


Affected Products:
- BrightStor Mobile Backup r4.0
- BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1
- Unicenter Remote Control 6.0, 6.0 SP1
- CA Desktop Protection Suite r2
- CA Server Protection Suite r2
- CA Business Protection Suite r2
- CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
- CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2
- CA Business Protection Suite for Midsize Business for Windows r2


Affected platforms:
Windows


Platforms NOT affected:
This version of DM Primer is not supported on any other
platforms.


Status and Recommendation:
Since this version of DM Primer is only utilized for the initial
installation of the products, the above vulnerabilities can be
addressed by simply removing the DM Primer Service after
deployment. To remove the DM Primer component follow the
instructions below:

dmprimer remove -f:

will force the removal of a local DM Primer service,

dmsweep -a1:remotecomp -dp:force

will force the removal of the DM Primer service from a remote
computer called remotecomp.

The dmsweep command will be available on the DM Deployment
machine (usually the host for the product manager with which it
was bundled). It can take a machine name, an IP address, or a
range of IP addresses. Some examples are:

dmsweep -a1:192.168.0.* -dp:force

will forcibly remove DM Primer from all machines on the
192.168.0.* subnet

dmsweep -a1:192.168.0.1 -a2:192.168.0.100 -dp:force

will forcibly remove DM Primer from all machines in the range
192.168.0.1-192.168.0.100


Please refer to the FAQ for answers to commonly asked
questions.
http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity-faqs.asp


References:
DM Deployment Common Component Security Notice
http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity_notice.asp

Frequently Asked Questions (FAQ) related to this security update
http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity-faqs.asp

CA Security Advisor site advisory
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33756

CVE Reference: Pending
http://cve.mitre.org

OSVDB Reference: Pending
http://osvdb.org

Error Handling in DM Primer
http://www.designfolks.com.au/karma/DMPrimer/


Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory,
please send email to vuln@ca.com, or contact me directly.

If you discover a vulnerability in CA products, please report
your findings to vuln@ca.com, or utilize our "Submit a
Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx


Regards,
Ken Williams ; 0xE2941985
Dir. Vuln Research
CA Vulnerability Research Team


CA, One Computer Associates Plaza. Islandia, NY 11749
Copyright 2006 CA. All rights reserved.