Vendor Status Note JVNCIAC-R-185

BrightStor ARCserve Backup Tape Engine に複数の脆弱性

概要

CA の BrightStor ARCserve Backup Tape Engine には、複数の脆弱性があります。

影響を受けるシステム
 - BrightStor 製品の以下のバージョン
  - BrightStor ARCserve Backup r11.5
  - BrightStor ARCserve Backup r11.1
  - BrightStor ARCserve Backup for Windows r11
  - BrightStor Enterprise Backup r10.5
  - BrightStor ARCserve Backup v9.01
 - CA Protection Suites r2 の以下のバージョン
  - CA Server Protection Suite r2
  - CA Business Protection Suite r2
  - CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
  - CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

想定される影響

遠隔の第三者がサービス運用妨害(DoS)攻撃を行ったり、任意のコードを実行したりする可能性があります。

ベンダ情報

ベンダリンク更新日
CABrightStor ARCserve Backup の Tape Engine および Portmapper におけるセキュリティに関するお知らせ (portmapper)
CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerabilities
参考情報

  1. US-CERT Vulnerability Note VU#647273
    CA BrightStor ARCserver Tape Engine denial of service vulnerability
  2. US-CERT Vulnerability Note VU#375353
    CA BrightStor ARCserver Tape Engine memory corruption vulnerability
  3. ISS X-Force Database: brightstor-arcserve-tapeeng-bo(30453)
    CA BrightStor ARCserve tapeeng.exe buffer overflow
  4. ISS X-Force Database: brightstor-catirpc-dos(32137)
    CA Brightstor ARCserve Backup catirpc.exe denial of service
  5. ISS X-Force Database: brightstor-rpc-tapeengine-code-execution(33017)
    CA Brightstor ARCserve Backup RPC Tape Engine code execution
  6. ISS X-Force Database: brightstor-rpc-tapeengine-dos(33020)
    CA Brightstor ARCserve Backup RPC Tape Engine denial of service

JPCERT 緊急報告
JPCERT REPORTJPCERT-WR-2007-1201 ( 2007-03-28 )
CIAC BulletinR-185 CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerabilitites ( 2007-03-22 )
CVE2006-6076 [CVE+] XF30453
2007-0816 [CVE+] XF32137
2007-1447 [CVE+] VU#375353,XF33017
2007-1448 [CVE+] VU#647273,XF33020
PGP署名JVNCIAC-R-185.html.sig

登録日18:16 2007/04/01
更新日18:16 2007/04/01

Copyright(C) 2002-2009 Keio Univ. All rights reserved.