Intrusion Prevention

CA.BrightStor.ARCserve.Backup.Message.Filedelete.RPC.Access

Description

This indicates an attempt to exploit a remote code-execution vulnerability in CA BrightStor ARCServe BackUp.
This vulnerability is a result of privileged functions being available for arbitrary RPC users in the Message Engine RPC service. It allows remote attackers to execute arbitrary code.

Affected Products

Computer Associates Server Protection Suite r2
Computer Associates Business Protection Suite for Microsoft SBS Std Ed r2
Computer Associates Business Protection Suite for Microsoft SBS Pre ed r2
Computer Associates Business Protection Suite r2
Computer Associates BrightStor Enterprise Backup 10.5
Computer Associates BrightStor ARCServe Backup for Windows 11.0
Computer Associates BrightStor ARCServe Backup 11.1
Computer Associates BrightStor ARCServe Backup 9.01
Computer Associates BrightStor ARCServe Backup 11.5

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's web site for the suggested workground:
http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp

CVE References

CVE-2007-5328