var-200910-0352
Vulnerability from variot
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588. A RAR archive file crafted by a third party could cause a denial of service (DoS) or allow execution of arbitrary code.
Multiple Computer Associates products are prone to memory-corruption vulnerabilities that affect the Anti-Virus engine. An attacker can exploit these issues to execute arbitrary code in the context of the affected applications or cause denial-of-service conditions. The issues affect the Anti-Virus engine with versions of 'arclib' prior to 8.1.4.0. Computer Associates is the world's leading security vendor; its products include a variety of anti-virus software and backup recovery systems.
CA20091008-01: Security Notice for CA Anti-Virus Engine
Issued: October 8, 2009
CA's support is alerting customers to multiple security risks associated with CA Anti-Virus Engine. Vulnerabilities exist in the arclib component that can allow a remote attacker to cause a denial of service, or to cause heap corruption and potentially further compromise a system. CA has issued fixes to address the vulnerabilities. An attacker can create a malformed RAR archive file that results in heap corruption and allows the attacker to cause a denial of service or possibly further compromise the system. An attacker can create a malformed RAR archive file that results in stack corruption and allows the attacker to cause a denial of service.
Risk Rating
Medium
Platform
Windows, UNIX, Linux, Solaris, Mac OS X, Netware
Affected Products
- CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1
- CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8
- CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1
- CA Anti-Virus 2007 (v8)
- CA Anti-Virus 2008
- CA Anti-Virus 2009
- CA Anti-Virus Plus 2009
- eTrust EZ Antivirus r7.1
- CA Internet Security Suite 2007 (v3)
- CA Internet Security Suite 2008
- CA Internet Security Suite Plus 2008
- CA Internet Security Suite Plus 2009
- CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8
- CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) 8.1
- CA Threat Manager Total Defense
- CA Gateway Security r8.1
- CA Protection Suites r2
- CA Protection Suites r3
- CA Protection Suites r3.1
- CA Secure Content Manager (formerly eTrust Secure Content Manager) 1.1
- CA Secure Content Manager (formerly eTrust Secure Content Manager) 8.0
- CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.0
- CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.1
- CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11
- CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11.1
- CA ARCserve Backup r11.5 on Windows
- CA ARCserve Backup r12 on Windows
- CA ARCserve Backup r12.0 SP1 on Windows
- CA ARCserve Backup r12.0 SP 2 on Windows
- CA ARCserve Backup r12.5 on Windows
- CA ARCserve Backup r11.1 Linux
- CA ARCserve Backup r11.5 Linux
- CA ARCserve for Windows Client Agent
- CA ARCserve for Windows Server component
- CA eTrust Intrusion Detection 2.0 SP1
- CA eTrust Intrusion Detection 3.0
- CA eTrust Intrusion Detection 3.0 SP1
- CA Common Services (CCS) r3.1
- CA Common Services (CCS) r11
- CA Common Services (CCS) r11.1
- CA Anti-Virus SDK (formerly eTrust Anti-Virus SDK)
- CA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1
Non-Affected Products
CA Anti-Virus engine with arclib version 8.1.4.0 or later installed
How to determine if the installation is affected
For products on Windows:
- Using Windows Explorer, locate the file "arclib.dll". By default, the file is located in the "C:\Program Files\CA\SharedComponents\ScanEngine" directory (*).
- Right click on the file and select Properties.
- Select the Version tab.
- If the file version is earlier than indicated below, the installation is vulnerable.
File Name     File Version
arclib.dll    8.1.4.0
*For eTrust Intrusion Detection 2.0, the file is located in "Program Files\eTrust\Intrusion Detection\Common", and for eTrust Intrusion Detection 3.0 and 3.0 sp1, the file is located in "Program Files\CA\Intrusion Detection\Common".
For CA Anti-Virus r8.1 on non-Windows platforms:
Use the compver utility provided on the CD to determine the version of Arclib. If the version is less than 8.1.4.0, the installation is vulnerable.
Example compver utility output:
------------------------------------------------
COMPONENT NAME VERSION
------------------------------------------------
eTrust Antivirus Arclib Archive Library 8.1.4.0
... (followed by other components)
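An added example (not part of the CA advisory): a POSIX shell check that reads compver output in the format shown above and compares the Arclib version component by component against 8.1.4.0. It assumes the Arclib line ends with the version, as in the sample; the function names and the 7.1.501.0 sample are constructed for illustration.

```shell
#!/bin/sh
# Minimum fixed arclib version, taken from the advisory.
FIXED_VERSION="8.1.4.0"

# Sample compver output as printed in the advisory.
SAMPLE_FROM_ADVISORY='------------------------------------------------
COMPONENT NAME VERSION
------------------------------------------------
eTrust Antivirus Arclib Archive Library 8.1.4.0'

# Constructed sample with an older version number (illustrative value only).
SAMPLE_CONSTRUCTED_OLD='------------------------------------------------
COMPONENT NAME VERSION
------------------------------------------------
eTrust Antivirus Arclib Archive Library 7.1.501.0'

# version_lt A B: return 0 if dotted version A is strictly lower than B.
# Each component is compared as a number, so 8.1.10.0 is newer than 8.1.4.0
# (a plain string comparison would get that wrong).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0   # missing components count as 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1                               # equal is not "lower than"
    }'
}

# Read compver output on stdin and print the Arclib version (last field of
# the "Arclib Archive Library" line). Returns 1 if no such line is present.
arclib_version_from_compver() {
    awk '/Arclib Archive Library/ { print $NF; found = 1; exit }
         END { if (!found) exit 1 }'
}

# Read compver output on stdin and report the result.
# Prints "fixed (V)", "vulnerable (V)" or "unknown"; returns 0, 1 or 2.
check_arclib() {
    ver=$(arclib_version_from_compver) || { echo "unknown"; return 2; }
    case $ver in
        ''|*[!0-9.]*) echo "unknown"; return 2 ;;   # not a dotted number
    esac
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "vulnerable ($ver)"
        return 1
    fi
    echo "fixed ($ver)"
    return 0
}

# Demo on the two samples; on a real host, pipe the compver output in instead.
printf '%s\n' "$SAMPLE_FROM_ADVISORY"   | check_arclib || :
printf '%s\n' "$SAMPLE_CONSTRUCTED_OLD" | check_arclib || :
```

The non-zero return codes let the check be used directly in an inventory or patch-compliance script.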
For reference, the following are file names for arclib on non-Windows operating systems:
Operating System File name
Solaris libarclib.so
Linux libarclib.so
Mac OS X arclib.bundle
Solution
CA released arclib 8.1.4.0 on August 12 2009. If your product is configured for automatic updates, you should already be protected, and you need to take no action. If your product is not configured for automatic updates, then you simply need to run the update utility included with your product.
CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.0: apply fix # RO11964.
CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.1: apply fix # RO11964.
CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11: apply fix # RO11964.
CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11.1: apply fix # RO11964.
CA Common Services (CCS) r3.1: apply fix # RO11954.
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 32bit: apply fix # RO10663.
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 IA64: apply fix # RO10664.
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 AMD64: apply fix # RO10665.
CA Secure Content Manager (formerly eTrust Secure Content Manager) r1.1: apply fix # RO10999.
CA Secure Content Manager (formerly eTrust Secure Content Manager) r8.0: apply fix # RO10999.
CA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1: apply fix # RO11000.
CA Gateway Security r8.1: apply fix # RO10999.
CA ARCserve for Windows Server component installed on a 64 bit machine: apply fixes # RO10663 and RO10664 (IA64) or RO10665 (AMD64).
CA ARCserve for Windows Server component installed on a 32 bit machine: apply fix # RO10663.
CA ARCserve for Windows Client Agent installed on a 64 bit machine: apply fix # RO10664 (IA64) or RO10665 (AMD64).
CA ARCserve for Windows Client Agent installed on a 32 bit machine: apply fix # RO10663.
CA ARCserve for Linux Server r11.5: apply fix # RO10729.
CA ARCserve for Linux:
1. Download RO10729.tar.Z from RO10729 into a temporary location /tmp/RO10729
2. Uncompress and untar RO10729.tar.Z as follows:
       uncompress RO10729.tar.Z
       tar -xvf RO10729.tar
   The new "libarclib.so" will be extracted to /tmp/RO10729
3. Change the directory to $CAIGLBL0000/ino/config as follows:
       cd $CAIGLBL0000/ino/config
4. Rename "libarclib.so" to "libarclib.so.RO10729" as follows:
       mv libarclib.so libarclib.so.RO10729
5. Copy the new libarclib.so as follows:
       cp /tmp/RO10729/libarclib.so $CAIGLBL0000/ino/config/
6. chmod +x $CAIGLBL0000/ino/config/libarclib.so
7. Stop the common agent (caagent stop)
8. Change the directory to the ARCserve common agent directory (typically /opt/CA/BABcmagt):
       cd /opt/CA/BABcmagt
   Note: To find out the agent home directory, run the following command:
       dirname `ls -l /usr/bin/caagent |cut -f2 -d">"`
9. Save a copy of libarclib.so:
       cp -p libarclib.so libarclib.so.RO10729
10. Copy over the new libarclib.so as follows:
       cp /tmp/RO10729/libarclib.so .
11. Start the common agent (caagent start)
12. Repeat steps (7-11) on all remote Linux client agents' installations.
13. rm -rf /tmp/RO10729
Workaround
Do not open email attachments or download files from untrusted sources.
If additional information is required, please contact CA Support at http://support.ca.com/.
If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782
Regards, Ken Williams, Director ; 0xE2941985 CA Product Vulnerability Response Team
TITLE: CA Anti-Virus Engine RAR Processing Two Vulnerabilities
SECUNIA ADVISORY ID: SA36976
VERIFY ADVISORY: http://secunia.com/advisories/36976/
DESCRIPTION: Two vulnerabilities have been reported in multiple CA products, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
Successful exploitation may allow execution of arbitrary code.
Please see the vendor's advisory for detailed instructions on applying patches.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Thierry Zoller.
ORIGINAL ADVISORY: CA20091008-01: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878
I. Background
~~~~~~~~~~~~~
Quote: "CA is one of the world's largest IT management software providers. We serve more than 99% of Fortune 1000 companies, as well as government entities, educational institutions and thousands of other companies in diverse industries worldwide"
"CA Anti-Virus for the Enterprise is the next generation in comprehensive anti-virus security for business PCs, servers and PDAs. It combines proactive protection against malware with new, powerful management features that stop and remove malicious code before it enters your network, reducing system downtime"
II.
Attacker has control over EBX:
Basic Block:
    6e4305b0 mov cl,byte ptr [ebx]
        Tainted Input Operands: ebx
    6e4305b2 add edi,28h
    6e4305b5 push edi
    6e4305b6 lea edx,[esp+14h]
    6e4305ba mov byte ptr [esp+14h],cl
        Tainted Input Operands: cl
    6e4305be inc ebx
        Tainted Input Operands: ebx
    6e4305bf push edx
    6e4305c0 mov ecx,esi
    6e4305c2 mov dword ptr [esp+1ch],ebx
        Tainted Input Operands: ebx
    6e4305c6 call arclib!arctkopenarchive+0x283a0 (6e42f9f0)
III. Due to the nature of anti-virus products, the attack vectors can be near endless. An attack could be carried out by way of an e-mail message carrying a RAR attachment (of a file recognised as being RAR), USB, CD, network data, etc.
Please note that this is a general problem and not exclusive to Computer Associates.
IV. Disclosure timeline
~~~~~~~~~~~~~~~~~~~~~~~~~
DD.MM.YYYY
11.05.2009 - Reported CVE-2009-3587
03.06.2009 - Reported CVE-2009-3588
09.10.2009 - CA releases advisory https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878
13.10.2009 - G-SEC releases advisory
"exploitabilityScore": 8.6, "id": "VHN-41033", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-3587", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200910-199", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-41033", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-41033" }, { "db": "JVNDB", "id": "JVNDB-2009-002628" }, { "db": "CNNVD", "id": "CNNVD-200910-199" }, { "db": "NVD", "id": "CVE-2009-3587" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588. This vulnerability CVE-2009-3588 Is a different vulnerability.Skillfully crafted by a third party RAR Service disruption via archive files (DoS) Could be put into a state or execute arbitrary code. Multiple Computer Associates products are prone to memory-corruption vulnerabilities that affect the Anti-Virus engine. \nAn attacker can exploit these issues to execute arbitrary code in the context of the affected applications or cause denial-of-service conditions. \nThe issues affect the Anti-Virus engine with versions prior to \u0027arclib\u0027 8.1.4.0. 
Computer Associates is the world\u0027s leading security vendor, products include a variety of anti-virus software and backup recovery systems. \nCA20091008-01: Security Notice for CA Anti-Virus Engine\n\n\nIssued: October 8, 2009\n\n\nCA\u0027s support is alerting customers to multiple security risks \nassociated with CA Anti-Virus Engine. Vulnerabilities exist in \nthe arclib component that can allow a remote attacker to cause a \ndenial of service, or to cause heap corruption and potentially \nfurther compromise a system. CA has issued fixes to address the \nvulnerabilities. An attacker can create a \nmalformed RAR archive file that results in heap corruption and \nallows the attacker to cause a denial of service or possibly \nfurther compromise the system. An attacker can create a \nmalformed RAR archive file that results in stack corruption and \nallows the attacker to cause a denial of service. \n\n\nRisk Rating\n\nMedium\n\n\nPlatform\n\nWindows\nUNIX\nLinux\nSolaris\nMac OS X\nNetware\n\n\nAffected Products\n\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1\nCA Anti-Virus 2007 (v8)\nCA Anti-Virus 2008\nCA Anti-Virus 2009\nCA Anti-Virus Plus 2009\neTrust EZ Antivirus r7.1\nCA Internet Security Suite 2007 (v3)\nCA Internet Security Suite 2008\nCA Internet Security Suite Plus 2008\nCA Internet Security Suite Plus 2009\nCA Threat Manager for the Enterprise (formerly eTrust Integrated \n Threat Management) r8\nCA Threat Manager for the Enterprise (formerly eTrust Integrated \n Threat Management) 8.1\nCA Threat Manager Total Defense\nCA Gateway Security r8.1\nCA Protection Suites r2\nCA Protection Suites r3\nCA Protection Suites r3.1\nCA Secure Content Manager (formerly eTrust Secure Content \n Manager) 1.1\nCA Secure Content Manager (formerly eTrust Secure Content \n Manager) 8.0\nCA Network and Systems Management 
(NSM) (formerly Unicenter \n Network and Systems Management) r3.0\nCA Network and Systems Management (NSM) (formerly Unicenter \n Network and Systems Management) r3.1\nCA Network and Systems Management (NSM) (formerly Unicenter \n Network and Systems Management) r11\nCA Network and Systems Management (NSM) (formerly Unicenter \n Network and Systems Management) r11.1\nCA ARCserve Backup r11.5 on Windows\nCA ARCserve Backup r12 on Windows\nCA ARCserve Backup r12.0 SP1 on Windows\nCA ARCserve Backup r12.0 SP 2 on Windows\nCA ARCserve Backup r12.5 on Windows\nCA ARCserve Backup r11.1 Linux\nCA ARCserve Backup r11.5 Linux\nCA ARCserve for Windows Client Agent\nCA ARCserve for Windows Server component\nCA eTrust Intrusion Detection 2.0 SP1\nCA eTrust Intrusion Detection 3.0\nCA eTrust Intrusion Detection 3.0 SP1\nCA Common Services (CCS) r3.1\nCA Common Services (CCS) r11\nCA Common Services (CCS) r11.1\nCA Anti-Virus SDK (formerly eTrust Anti-Virus SDK)\nCA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1\n\n\nNon-Affected Products\n\nCA Anti-Virus engine with arclib version 8.1.4.0 or later \ninstalled\n\n\nHow to determine if the installation is affected\n\nFor products on Windows:\n\n1. Using Windows Explorer, locate the file \"arclib.dll\". By \n default, the file is located in the \n \"C:\\Program Files\\CA\\SharedComponents\\ScanEngine\" directory (*). \n2. Right click on the file and select Properties. \n3. Select the Version tab. \n4. If the file version is earlier than indicated below, the \n installation is vulnerable. \n\n File Name File Version\n arclib.dll 8.1.4.0\n\n*For eTrust Intrusion Detection 2.0, the file is located in \n\"Program Files\\eTrust\\Intrusion Detection\\Common\", and for eTrust \nIntrusion Detection 3.0 and 3.0 sp1, the file is located in \n\"Program Files\\CA\\Intrusion Detection\\Common\". \n\nFor CA Anti-Virus r8.1 on non-Windows platforms:\n\nUse the compver utility provided on the CD to determine the \nversion of Arclib. 
If the version is less than 8.1.4.0, the \ninstallation is vulnerable. \n\nExample compver utility output:\n\n ------------------------------------------------\n COMPONENT NAME VERSION\n ------------------------------------------------\n eTrust Antivirus Arclib Archive Library 8.1.4.0\n ... (followed by other components)\n \n\nFor reference, the following are file names for arclib on \nnon-Windows operating systems:\n\n Operating System File name\n Solaris libarclib.so\n Linux libarclib.so\n Mac OS X arclib.bundle\n\n\nSolution\n\nCA released arclib 8.1.4.0 on August 12 2009. If your product is \nconfigured for automatic updates, you should already be protected, \nand you need to take no action. If your product is not configured \nfor automatic updates, then you simply need to run the update \nutility included with your product. \n\nCA Network and Systems Management (NSM) (formerly Unicenter \nNetwork and Systems Management) r3.0: apply fix # RO11964. \n\nCA Network and Systems Management (NSM) (formerly Unicenter \nNetwork and Systems Management) r3.1: apply fix # RO11964. \n\nCA Network and Systems Management (NSM) (formerly Unicenter \nNetwork and Systems Management) r11: apply fix # RO11964. \n\nCA Network and Systems Management (NSM) (formerly Unicenter \nNetwork and Systems Management) r11.1: apply fix # RO11964. \n\nCA Common Services (CCS) r3.1: apply fix # RO11954. \n\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 \n32bit: apply fix # RO10663. \n\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 \nIA64: apply fix # RO10664. \n\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 \nAMD64: apply fix # RO10665. \n\nCA Secure Content Manager (formerly eTrust Secure Content Manager) \nr1.1: apply fix # RO10999. \n\nCA Secure Content Manager (formerly eTrust Secure Content Manager) \nr8.0: apply fix # RO10999. \n\nCA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1: \napply fix # RO11000. 
\n\nCA Gateway Security r8.1: RO10999. \n\nCA ARCserve for Windows Server component installed on a 64 bit \nmachine: apply fixes # RO10663 and RO10664 (IA64) or RO10665 \n(AMD64). \n\nCA ARCserve for Windows Server component installed on a 32 bit \nmachine: apply fix # RO10663. \n\nCA ARCserve for Windows Client Agent installed on a 64 bit \nmachine: apply fix # RO10664 (IA64) or RO10665 (AMD64). \n\nCA ARCserve for Windows Client Agent installed on a 32 bit \nmachine: apply fix # RO10663. \n\nCA ARCserve for Linux Server r11.5: apply fix # RO10729. \n\nCA ARCserve for Linux:\n\n1. Download RO10729.tar.Z from RO10729 into a temporary location \n /tmp/RO10729\n\n2. Uncompress and untar RO10729.tar.Z as follows:\n uncompress RO10729.tar.Z\n tar -xvf RO10729.tar\n The new \"libarclib.so\" will be extracted to /tmp/RO10729\n\n3. Change the directory to $CAIGLBL0000/ino/config as follows:\n cd $CAIGLBL0000/ino/config\n\n4. Rename \"libarclib.so\" to \"libarclib.so.RO10729\" as follows:\n mv libarclib.so libarclib.so.RO10729\n\n5. Copy the new libarclib.so as follows:\n cp /tmp/RO10729/libarclib.so $CAIGLBL0000/ino/config/\n\n6. chmod +x $CAIGLBL0000/ino/config/libarclib.so\n\n7. Stop the common agent (caagent stop)\n\n8. Change the directory to ARCserve common agent directory \n (typically /opt/CA/BABcmagt)\n cd /opt/CA/BABcmagt\n Note: To find out the agent home directory run the following \n command:\n dirname \u0027ls -l /usr/bin/caagent |cut -f2 -d\"\u003e\"\u0027\n\n9. Save a copy of libarclib.so\n cp -p libarclib.so libarclib.so.RO10729\n\n10. Copy over the new libarclib.so as follows:\n cp $/tmp/RO10729/libarclib.so. \n\n11. Start the common agent (caagent start)\n\n12. Repeat steps (7-11) on all remote Linux client agents\u0027 \n installations. \n\n13. rm -rf /tmp/RO10729\n\n\nWorkaround\n\nDo not open email attachments or download files from untrusted \nsources. \n\n\nIf additional information is required, please contact CA Support \nat http://support.ca.com/. 
\n\n\nIf you discover a vulnerability in CA products, please report your \nfindings to the CA Product Vulnerability Response Team. \nsupport.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782\n\n\nRegards,\nKen Williams, Director ; 0xE2941985\nCA Product Vulnerability Response Team\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2009 CA. All rights reserved. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nCA Anti-Virus Engine RAR Processing Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA36976\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36976/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in multiple CA products, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService) or to potentially compromise a vulnerable system. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nPlease see the vendor\u0027s advisory for detailed instructions on\napplying patches. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Thierry Zoller. 
\n\nORIGINAL ADVISORY:\nCA20091008-01:\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Background\n~~~~~~~~~~~~~\nQuote: \n\"CA is one of the world\u0027s largest IT management software providers. \nWe serve more than 99% of Fortune 1000 companies, as well as government \nentities, educational institutions and thousands of other companies \nin diverse industries worldwide\" \n\n\"CA Anti-Virus for the Enterprise is the next generation in comprehensive \nanti-virus security for business PCs, servers and PDAs. It combines \nproactive protection against malware with new, powerful management \nfeatures that stop and remove malicious code before it enters your \nnetwork, reducing system downtime\"\n\n\nII. 
\n\nAttacker has control over EBX :\n\nBasic Block:\n 6e4305b0 mov cl,byte ptr [ebx]\n Tainted Input Operands: ebx\n 6e4305b2 add edi,28h\n 6e4305b5 push edi\n 6e4305b6 lea edx,[esp+14h]\n 6e4305ba mov byte ptr [esp+14h],cl\n Tainted Input Operands: cl\n 6e4305be inc ebx\n Tainted Input Operands: ebx\n 6e4305bf push edx\n 6e4305c0 mov ecx,esi\n 6e4305c2 mov dword ptr [esp+1ch],ebx\n Tainted Input Operands: ebx\n 6e4305c6 call arclib!arctkopenarchive+0x283a0 (6e42f9f0)\n \n \n\nIII. \nDue to the nature of Anti-virus products, the attack vectors can be near endless. An attack\ncould be done over the way of an E-mail message carrying an RAR attachment (of a file\nrecognised as being RAR), USB, CD, Network data etc. \n\nPlease note that this is a general problem and not exclusive to Computer Associates. \n\n\nIV. Disclosure timeline\n~~~~~~~~~~~~~~~~~~~~~~~~~\nDD.MM.YYYY\n11.05.2009 - Reported CVE-2009-3587 \n03.06.2009 - Reported CVE-2009-3588\n09.10.2009 - CA releases advisory\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878\n13.10.2009 - G-SEC releases advisory\n\n\n\n\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2009-3587" }, { "db": "JVNDB", "id": "JVNDB-2009-002628" }, { "db": "BID", "id": "36653" }, { "db": "VULHUB", "id": "VHN-41033" }, { "db": "PACKETSTORM", "id": "81918" }, { "db": "PACKETSTORM", "id": "81885" }, { "db": "PACKETSTORM", "id": "81986" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-3587", "trust": 3.0 }, { "db": "BID", "id": "36653", "trust": 2.8 }, { "db": "SECUNIA", "id": "36976", "trust": 2.6 }, { "db": "OSVDB", "id": "58691", "trust": 2.5 }, { "db": "VUPEN", "id": "ADV-2009-2852", "trust": 2.5 }, { "db": "SECTRACK", "id": "1022999", "trust": 2.5 }, { "db": "XF", "id": 
"53697", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-002628", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200910-199", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "81918", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "81986", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-41033", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "81885", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-41033" }, { "db": "BID", "id": "36653" }, { "db": "JVNDB", "id": "JVNDB-2009-002628" }, { "db": "PACKETSTORM", "id": "81918" }, { "db": "PACKETSTORM", "id": "81885" }, { "db": "PACKETSTORM", "id": "81986" }, { "db": "CNNVD", "id": "CNNVD-200910-199" }, { "db": "NVD", "id": "CVE-2009-3587" } ] }, "id": "VAR-200910-0352", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-41033" } ], "trust": 0.01 }, "last_update_date": "2024-05-18T22:06:25.543000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "218878", "trust": 0.8, "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=218878" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-002628" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2009-3587" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/36653" }, { "trust": 2.5, "url": "http://osvdb.org/58691" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id?1022999" }, { "trust": 2.5, "url": "http://secunia.com/advisories/36976" }, { "trust": 2.5, "url": "http://www.vupen.com/english/advisories/2009/2852" }, { "trust": 2.2, "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=218878" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53697" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3587" }, { "trust": 0.8, "url": "http://xforce.iss.net/xforce/xfdb/53697" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3587" }, { "trust": 0.4, "url": "http://blog.g-sec.lu/2009/10/computer-associates-multiple-products.html" }, { "trust": 0.4, "url": "http://www.ca.com" }, { "trust": 0.3, "url": "/archive/1/507101" }, { "trust": 0.3, "url": "/archive/1/507068" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3588" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3587" }, { "trust": 0.1, "url": "http://support.ca.com/." 
}, { "trust": 0.1, "url": "https://www.g-sec.lu" }, { "trust": 0.1, "url": "http://www.ca.com/us/contact/" }, { "trust": 0.1, "url": "http://www.ca.com/us/legal/" }, { "trust": 0.1, "url": "http://www.ca.com/us/privacy/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/36976/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-41033" }, { "db": "BID", "id": "36653" }, { "db": "JVNDB", "id": "JVNDB-2009-002628" }, { "db": "PACKETSTORM", "id": "81918" }, { "db": "PACKETSTORM", "id": "81885" }, { "db": "PACKETSTORM", "id": "81986" }, { "db": "CNNVD", "id": "CNNVD-200910-199" }, { "db": "NVD", "id": "CVE-2009-3587" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-41033" }, { "db": "BID", "id": "36653" }, { "db": "JVNDB", "id": "JVNDB-2009-002628" }, { "db": "PACKETSTORM", "id": "81918" }, { "db": "PACKETSTORM", "id": "81885" }, { "db": "PACKETSTORM", "id": "81986" }, { "db": "CNNVD", "id": "CNNVD-200910-199" }, { "db": "NVD", "id": "CVE-2009-3587" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-10-13T00:00:00", "db": "VULHUB", "id": "VHN-41033" }, { "date": "2009-10-09T00:00:00", "db": "BID", "id": "36653" }, { "date": "2010-12-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-002628" }, { "date": "2009-10-12T20:41:50", "db": "PACKETSTORM", "id": "81918" }, { "date": "2009-10-12T11:21:41", "db": "PACKETSTORM", "id": "81885" }, { "date": "2009-10-14T23:09:22", "db": "PACKETSTORM", "id": 
"81986" }, { "date": "2009-10-13T00:00:00", "db": "CNNVD", "id": "CNNVD-200910-199" }, { "date": "2009-10-13T10:30:00.610000", "db": "NVD", "id": "CVE-2009-3587" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-15T00:00:00", "db": "VULHUB", "id": "VHN-41033" }, { "date": "2009-10-13T15:38:00", "db": "BID", "id": "36653" }, { "date": "2010-12-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-002628" }, { "date": "2021-04-08T00:00:00", "db": "CNNVD", "id": "CNNVD-200910-199" }, { "date": "2024-05-17T17:25:39.707000", "db": "NVD", "id": "CVE-2009-3587" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "81918" }, { "db": "CNNVD", "id": "CNNVD-200910-199" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural CA Product Anti-Virus In the engine arclib Vulnerability in arbitrary code execution in components", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-002628" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-200910-199" } ], "trust": 0.6 } }