Vulnerabilites related to ca - anti-virus
var-200901-0282
Vulnerability from variot
Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file. Computer Associates Anti-Virus engine is prone to multiple vulnerabilities that may allow certain compressed archives to bypass the scan engine. Successful exploits will allow attackers to distribute files containing malicious code that the antivirus engine will fail to detect. Products with 'arclib.dll' prior to version 7.3.0.15 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Title: CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities
CA Advisory Reference: CA20090126-01
CA Advisory Date: 2009-01-26
Reported By: Thierry Zoller and Sergio Alvarez of n.runs AG
Impact: A remote attacker can evade detection. CA has released a new Anti-Virus engine to address the vulnerabilities. Consequently, detection evasion can be a concern for gateway anti-virus software if archives are not scanned, but the risk is effectively mitigated by the desktop anti-virus engine.
Mitigating Factors: See note above.
Severity: CA has given these vulnerabilities a Low risk rating. If your product is configured for automatic updates, you should already be protected, and you need to take no action. If your product is not configured for automatic updates, then you simply need to run the update utility included with your product.
How to determine if you are affected:
For products on Windows:
- Using Windows Explorer, locate the file "arclib.dll". By default, the file is located in the "C:\Program Files\CA\SharedComponents\ScanEngine" directory (*).
- Right click on the file and select Properties.
- Select the Version tab.
File Name File Version arclib.dll 7.3.0.15
*For eTrust Intrusion Detection 2.0 the file is located in "Program Files\eTrust\Intrusion Detection\Common", and for eTrust Intrusion Detection 3.0 and 3.0 sp1, the file is located in "Program Files\CA\Intrusion Detection\Common".
For CA Anti-Virus r8.1 on non-Windows platforms:
Use the compver utility provided on the CD to determine the version of Arclib.
Example compver utility output: ------------------------------------------------ COMPONENT NAME VERSION ------------------------------------------------ eTrust Antivirus Arclib Archive Library 7.3.0.15 ... (followed by other components)
For reference, the following are file names for arclib on non-Windows operating systems:
Operating System File name Solaris libarclib.so Linux libarclib.so Mac OS X arclib.bundle
Workaround: Do not open email attachments or download files from untrusted sources.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777 82
Regards, Ken Williams, Director ; 0xE2941985 CA Product Vulnerability Response Team
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2009 CA. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.9.1 (Build 287) Charset: utf-8
wj8DBQFJfyMKeSWR3+KUGYURAkyRAJ94Db9OT0mSDBo8UiSAK7AWWt5XSgCfc89J SlKLxRwfw06DmTk2tmlcrJI= =Kjse -----END PGP SIGNATURE-----
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "threat manager for the enterprise",
"scope": "eq",
"trust": 1.6,
"vendor": "ca",
"version": "r8"
},
{
"_id": null,
"model": "protection suites",
"scope": "eq",
"trust": 1.6,
"vendor": "ca",
"version": "r2"
},
{
"_id": null,
"model": "anti-virus sdk",
"scope": null,
"trust": 1.4,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "internet security suite 2008",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "*"
},
{
"_id": null,
"model": "threat manager for the enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "8.1"
},
{
"_id": null,
"model": "network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r3.1"
},
{
"_id": null,
"model": "arcserve client agent",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"_id": null,
"model": "secure content manager",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8.1"
},
{
"_id": null,
"model": "etrust intrusion detection",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "2.0"
},
{
"_id": null,
"model": "anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2007"
},
{
"_id": null,
"model": "anti-spyware for the enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8.1"
},
{
"_id": null,
"model": "anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2008"
},
{
"_id": null,
"model": "etrust intrusion detection",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "4.0"
},
{
"_id": null,
"model": "network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r3.0"
},
{
"_id": null,
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8.1"
},
{
"_id": null,
"model": "common services",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11"
},
{
"_id": null,
"model": "arcserve backup",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "r11.5_nil_"
},
{
"_id": null,
"model": "arcserve backup",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "r12.0_nil_"
},
{
"_id": null,
"model": "etrust intrusion detection",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "3.0"
},
{
"_id": null,
"model": "internet security suite 2007",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "3"
},
{
"_id": null,
"model": "antivirus gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "7.1"
},
{
"_id": null,
"model": "arcserve backup",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "r11.1"
},
{
"_id": null,
"model": "anti-spyware",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2007"
},
{
"_id": null,
"model": "anti-spyware",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2008"
},
{
"_id": null,
"model": "network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r11"
},
{
"_id": null,
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "7.1"
},
{
"_id": null,
"model": "etrust intrusion detection",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"_id": null,
"model": "protection suites",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "r3"
},
{
"_id": null,
"model": "anti-spyware for the enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r8"
},
{
"_id": null,
"model": "secure content manager",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8.0"
},
{
"_id": null,
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r8"
},
{
"_id": null,
"model": "network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r11.1"
},
{
"_id": null,
"model": "protection suites",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "r3.1"
},
{
"_id": null,
"model": "etrust ez antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r7"
},
{
"_id": null,
"model": "anti-virus sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "*"
},
{
"_id": null,
"model": "common services",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11.1"
},
{
"_id": null,
"model": "internet security suite plus 2008",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "*"
},
{
"_id": null,
"model": "etrust ez antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r6.1"
},
{
"_id": null,
"model": "anti-spyware 2007",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "anti-spyware 2008",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "anti-spyware for the enterprise",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "anti-virus",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "anti-virus for the enterprise",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "anti-virus gateway",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "arcserve backup",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "arcserve for windows client agent",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "arcserve for windows server component",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "common services",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "etrust intrusion detection",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "gateway security",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "internet security suite",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "internet security suite plus 2008",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "network and systems management",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "protection suites",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "secure content manager",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "threat manager for the enterprise",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "etrust ez antivirus",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"_id": null,
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "7.1"
},
{
"_id": null,
"model": "common services",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "11"
},
{
"_id": null,
"model": "anti-virus",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "2007"
},
{
"_id": null,
"model": "etrust ez antivirus",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "r7"
},
{
"_id": null,
"model": "common services",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "11.1"
},
{
"_id": null,
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "r8"
},
{
"_id": null,
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "8.1"
},
{
"_id": null,
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"_id": null,
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"_id": null,
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "12.0"
},
{
"_id": null,
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"_id": null,
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"_id": null,
"model": "associates threat manager for the enterprise r8.1",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"_id": null,
"model": "associates threat manager for the enterprise r8",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"_id": null,
"model": "associates protection suites r2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "0"
},
{
"_id": null,
"model": "associates protection suites r3",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"_id": null,
"model": "associates protection suites",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"_id": null,
"model": "associates internet security suite plus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20080"
},
{
"_id": null,
"model": "associates internet security suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20080"
},
{
"_id": null,
"model": "associates internet security suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20073.0"
},
{
"_id": null,
"model": "associates gateway security",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"_id": null,
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"_id": null,
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"_id": null,
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"_id": null,
"model": "associates etrust intrusion detection sp",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.01"
},
{
"_id": null,
"model": "associates etrust intrusion detection",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"_id": null,
"model": "associates etrust intrusion detection",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "4.0"
},
{
"_id": null,
"model": "associates etrust intrusion detection sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.0.0"
},
{
"_id": null,
"model": "associates etrust ez antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"_id": null,
"model": "associates etrust antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.0"
},
{
"_id": null,
"model": "associates etrust antivirus r8.1",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"_id": null,
"model": "associates etrust antivirus r8",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"_id": null,
"model": "associates common services r11.1",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"_id": null,
"model": "associates common services r11",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"_id": null,
"model": "associates common services",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"_id": null,
"model": "associates brightstor arcserve backup for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"_id": null,
"model": "associates brightstor arcserve backup for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"_id": null,
"model": "associates brightstor arcserve backup for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"_id": null,
"model": "associates brightstor arcserve backup for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "12.0"
},
{
"_id": null,
"model": "associates brightstor arcserve backup for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"_id": null,
"model": "associates brightstor arcserve backup for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"_id": null,
"model": "associates arcserve for windows server component",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "0"
},
{
"_id": null,
"model": "associates arcserve client agent for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "0"
},
{
"_id": null,
"model": "associates arcserve",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "12.0"
},
{
"_id": null,
"model": "associates anti-virus sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "0"
},
{
"_id": null,
"model": "associates anti-virus gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"_id": null,
"model": "associates anti-spyware for the enterprise r8.1",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"_id": null,
"model": "associates anti-spyware for the enterprise r8",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"_id": null,
"model": "associates anti-spyware",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20080"
},
{
"_id": null,
"model": "associates anti-spyware",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2007"
}
],
"sources": [
{
"db": "BID",
"id": "33464"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002620"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-407"
},
{
"db": "NVD",
"id": "CVE-2009-0042"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ca:anti-spyware_2007",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:anti-spyware_2008",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:anti-spyware_for_the_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:etrust_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:anti-virus_for_the_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:anti-virus_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:anti-virus_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:arcserve_backup",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:arcserve_for_windows_client_agent",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:arcserve_for_windows_server_component",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:common_services",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:etrust_intrusion_detection",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:gateway_security",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:internet_security_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:internet_security_suite_plus_2008",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:network_and_systems_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:protection_suites",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:secure_content_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:threat_manager_for_the_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:etrust_ez_antivirus",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002620"
}
]
},
"credits": {
"_id": null,
"data": "Thierry Zoller and Sergio Alvarez of n.runs AG",
"sources": [
{
"db": "BID",
"id": "33464"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-407"
}
],
"trust": 0.9
},
"cve": "CVE-2009-0042",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2009-0042",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-37488",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0042",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-0042",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200901-407",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-37488",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37488"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002620"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-407"
},
{
"db": "NVD",
"id": "CVE-2009-0042"
}
]
},
"description": {
"_id": null,
"data": "Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file. Computer Associates Anti-Virus engine is prone to multiple vulnerabilities that may allow certain compressed archives to bypass the scan engine. \nSuccessful exploits will allow attackers to distribute files containing malicious code that the antivirus engine will fail to detect. \nProducts with \u0027arclib.dll\u0027 prior to version 7.3.0.15 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nTitle: CA20090126-01: CA Anti-Virus Engine Detection Evasion \nMultiple Vulnerabilities\n\n\nCA Advisory Reference: CA20090126-01\n\n\nCA Advisory Date: 2009-01-26\n\n\nReported By:\nThierry Zoller and Sergio Alvarez of n.runs AG\n\n\nImpact: A remote attacker can evade detection. CA has \nreleased a new Anti-Virus engine to address the vulnerabilities. \nConsequently, detection evasion can be a concern for gateway \nanti-virus software if archives are not scanned, but the risk is \neffectively mitigated by the desktop anti-virus engine. \n\n\nMitigating Factors: See note above. \n\n\nSeverity: CA has given these vulnerabilities a Low risk rating. If your product is \nconfigured for automatic updates, you should already be protected, \nand you need to take no action. If your product is not configured \nfor automatic updates, then you simply need to run the update \nutility included with your product. \n\n\nHow to determine if you are affected:\n\nFor products on Windows:\n\n1. Using Windows Explorer, locate the file \"arclib.dll\". By \n default, the file is located in the \n \"C:\\Program Files\\CA\\SharedComponents\\ScanEngine\" directory (*). \n2. Right click on the file and select Properties. \n3. Select the Version tab. \n4. \n\nFile Name File Version\narclib.dll 7.3.0.15\n\n*For eTrust Intrusion Detection 2.0 the file is located in \n\"Program Files\\eTrust\\Intrusion Detection\\Common\", and for eTrust \nIntrusion Detection 3.0 and 3.0 sp1, the file is located in \n\"Program Files\\CA\\Intrusion Detection\\Common\". \n\nFor CA Anti-Virus r8.1 on non-Windows platforms:\n\nUse the compver utility provided on the CD to determine the \nversion of Arclib. \n\nExample compver utility output:\n ------------------------------------------------\n COMPONENT NAME VERSION\n ------------------------------------------------\n eTrust Antivirus Arclib Archive Library 7.3.0.15\n ... (followed by other components)\n\nFor reference, the following are file names for arclib on \nnon-Windows operating systems:\n\nOperating System File name\nSolaris libarclib.so\nLinux libarclib.so\nMac OS X arclib.bundle\n\n\nWorkaround: \nDo not open email attachments or download files from untrusted \nsources. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your \nfindings to the CA Product Vulnerability Response Team. \nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777\n82\n\n\nRegards,\nKen Williams, Director ; 0xE2941985\nCA Product Vulnerability Response Team\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2009 CA. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 9.9.1 (Build 287)\nCharset: utf-8\n\nwj8DBQFJfyMKeSWR3+KUGYURAkyRAJ94Db9OT0mSDBo8UiSAK7AWWt5XSgCfc89J\nSlKLxRwfw06DmTk2tmlcrJI=\n=Kjse\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0042"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002620"
},
{
"db": "BID",
"id": "33464"
},
{
"db": "VULHUB",
"id": "VHN-37488"
},
{
"db": "PACKETSTORM",
"id": "74367"
}
],
"trust": 2.07
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2009-0042",
"trust": 2.9
},
{
"db": "BID",
"id": "33464",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1021639",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2009-0270",
"trust": 2.5
},
{
"db": "XF",
"id": "48261",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002620",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200901-407",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "74367",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-37488",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37488"
},
{
"db": "BID",
"id": "33464"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002620"
},
{
"db": "PACKETSTORM",
"id": "74367"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-407"
},
{
"db": "NVD",
"id": "CVE-2009-0042"
}
]
},
"id": "VAR-200901-0282",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-37488"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:10:15.841000Z",
"patch": {
"_id": null,
"data": [
{
"title": "197601",
"trust": 0.8,
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601"
},
{
"title": "Computer Associates Anti-Virus Engine Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146829"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002620"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-407"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-noinfo",
"trust": 0.8
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002620"
},
{
"db": "NVD",
"id": "CVE-2009-0042"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/33464"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1021639"
},
{
"trust": 2.5,
"url": "http://www.vupen.com/english/advisories/2009/0270"
},
{
"trust": 2.0,
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=197601"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/500417/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48261"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0042"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/48261"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0042"
},
{
"trust": 0.3,
"url": "http://www.ca.com"
},
{
"trust": 0.3,
"url": "/archive/1/500417"
},
{
"trust": 0.3,
"url": "/archive/1/503447"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0042"
},
{
"trust": 0.1,
"url": "http://www.nruns.com/"
},
{
"trust": 0.1,
"url": "http://support.ca.com/"
},
{
"trust": 0.1,
"url": "http://osvdb.org/"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1777"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "http://secdev.zoller.lu"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
},
{
"trust": 0.1,
"url": "http://support.ca.com."
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1976"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-37488"
},
{
"db": "BID",
"id": "33464"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002620"
},
{
"db": "PACKETSTORM",
"id": "74367"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-407"
},
{
"db": "NVD",
"id": "CVE-2009-0042"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-37488",
"ident": null
},
{
"db": "BID",
"id": "33464",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002620",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "74367",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200901-407",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2009-0042",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2009-01-28T00:00:00",
"db": "VULHUB",
"id": "VHN-37488",
"ident": null
},
{
"date": "2009-01-27T00:00:00",
"db": "BID",
"id": "33464",
"ident": null
},
{
"date": "2010-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002620",
"ident": null
},
{
"date": "2009-01-28T00:18:02",
"db": "PACKETSTORM",
"id": "74367",
"ident": null
},
{
"date": "2009-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200901-407",
"ident": null
},
{
"date": "2009-01-28T01:30:00.453000",
"db": "NVD",
"id": "CVE-2009-0042",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-37488",
"ident": null
},
{
"date": "2009-05-12T22:06:00",
"db": "BID",
"id": "33464",
"ident": null
},
{
"date": "2010-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002620",
"ident": null
},
{
"date": "2021-04-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200901-407",
"ident": null
},
{
"date": "2024-11-21T00:58:56.143000",
"db": "NVD",
"id": "CVE-2009-0042",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "74367"
},
{
"db": "CNNVD",
"id": "CNNVD-200901-407"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "plural CA Product Arclib library Vulnerabilities that can bypass virus detection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002620"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "design error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200901-407"
}
],
"trust": 0.6
}
}
var-200910-0097
Vulnerability from variot
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587. This vulnerability CVE-2009-3587 Is a different vulnerability.Skillfully crafted by a third party RAR Service disruption via archive files (DoS) There is a possibility of being put into a state. Multiple Computer Associates products are prone to memory-corruption vulnerabilities that affect the Anti-Virus engine. An attacker can exploit these issues to execute arbitrary code in the context of the affected applications or cause denial-of-service conditions. The issues affect the Anti-Virus engine with versions prior to 'arclib' 8.1.4.0. Computer Associates is the world's leading security vendor, products include a variety of anti-virus software and backup recovery systems. CA20091008-01: Security Notice for CA Anti-Virus Engine
Issued: October 8, 2009
CA's support is alerting customers to multiple security risks associated with CA Anti-Virus Engine. Vulnerabilities exist in the arclib component that can allow a remote attacker to cause a denial of service, or to cause heap corruption and potentially further compromise a system. CA has issued fixes to address the vulnerabilities. An attacker can create a malformed RAR archive file that results in heap corruption and allows the attacker to cause a denial of service or possibly further compromise the system. An attacker can create a malformed RAR archive file that results in stack corruption and allows the attacker to cause a denial of service.
Risk Rating
Medium
Platform
Windows UNIX Linux Solaris Mac OS X Netware
Affected Products
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8 CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1 CA Anti-Virus 2007 (v8) CA Anti-Virus 2008 CA Anti-Virus 2009 CA Anti-Virus Plus 2009 eTrust EZ Antivirus r7.1 CA Internet Security Suite 2007 (v3) CA Internet Security Suite 2008 CA Internet Security Suite Plus 2008 CA Internet Security Suite Plus 2009 CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8 CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) 8.1 CA Threat Manager Total Defense CA Gateway Security r8.1 CA Protection Suites r2 CA Protection Suites r3 CA Protection Suites r3.1 CA Secure Content Manager (formerly eTrust Secure Content Manager) 1.1 CA Secure Content Manager (formerly eTrust Secure Content Manager) 8.0 CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.0 CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.1 CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11 CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11.1 CA ARCserve Backup r11.5 on Windows CA ARCserve Backup r12 on Windows CA ARCserve Backup r12.0 SP1 on Windows CA ARCserve Backup r12.0 SP 2 on Windows CA ARCserve Backup r12.5 on Windows CA ARCserve Backup r11.1 Linux CA ARCserve Backup r11.5 Linux CA ARCserve for Windows Client Agent CA ARCserve for Windows Server component CA eTrust Intrusion Detection 2.0 SP1 CA eTrust Intrusion Detection 3.0 CA eTrust Intrusion Detection 3.0 SP1 CA Common Services (CCS) r3.1 CA Common Services (CCS) r11 CA Common Services (CCS) r11.1 CA Anti-Virus SDK (formerly eTrust Anti-Virus SDK) CA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1
Non-Affected Products
CA Anti-Virus engine with arclib version 8.1.4.0 or later installed
How to determine if the installation is affected
For products on Windows:
- Using Windows Explorer, locate the file "arclib.dll". By default, the file is located in the "C:\Program Files\CA\SharedComponents\ScanEngine" directory (*).
- Right click on the file and select Properties.
- Select the Version tab.
-
If the file version is earlier than indicated below, the installation is vulnerable.
File Name File Version arclib.dll 8.1.4.0
*For eTrust Intrusion Detection 2.0, the file is located in "Program Files\eTrust\Intrusion Detection\Common", and for eTrust Intrusion Detection 3.0 and 3.0 sp1, the file is located in "Program Files\CA\Intrusion Detection\Common".
For CA Anti-Virus r8.1 on non-Windows platforms:
Use the compver utility provided on the CD to determine the version of Arclib. If the version is less than 8.1.4.0, the installation is vulnerable.
Example compver utility output:
------------------------------------------------
COMPONENT NAME VERSION
------------------------------------------------
eTrust Antivirus Arclib Archive Library 8.1.4.0
... (followed by other components)
For reference, the following are file names for arclib on non-Windows operating systems:
Operating System File name
Solaris libarclib.so
Linux libarclib.so
Mac OS X arclib.bundle
Solution
CA released arclib 8.1.4.0 on August 12 2009. If your product is configured for automatic updates, you should already be protected, and you need to take no action. If your product is not configured for automatic updates, then you simply need to run the update utility included with your product.
CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.0: apply fix # RO11964.
CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.1: apply fix # RO11964.
CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11: apply fix # RO11964.
CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11.1: apply fix # RO11964.
CA Common Services (CCS) r3.1: apply fix # RO11954.
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 32bit: apply fix # RO10663.
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 IA64: apply fix # RO10664.
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 AMD64: apply fix # RO10665.
CA Secure Content Manager (formerly eTrust Secure Content Manager) r1.1: apply fix # RO10999.
CA Secure Content Manager (formerly eTrust Secure Content Manager) r8.0: apply fix # RO10999.
CA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1: apply fix # RO11000.
CA Gateway Security r8.1: RO10999.
CA ARCserve for Windows Server component installed on a 64 bit machine: apply fixes # RO10663 and RO10664 (IA64) or RO10665 (AMD64).
CA ARCserve for Windows Server component installed on a 32 bit machine: apply fix # RO10663.
CA ARCserve for Windows Client Agent installed on a 64 bit machine: apply fix # RO10664 (IA64) or RO10665 (AMD64).
CA ARCserve for Windows Client Agent installed on a 32 bit machine: apply fix # RO10663.
CA ARCserve for Linux Server r11.5: apply fix # RO10729.
CA ARCserve for Linux:
-
Download RO10729.tar.Z from RO10729 into a temporary location /tmp/RO10729
-
Uncompress and untar RO10729.tar.Z as follows: uncompress RO10729.tar.Z tar -xvf RO10729.tar The new "libarclib.so" will be extracted to /tmp/RO10729
-
Change the directory to $CAIGLBL0000/ino/config as follows: cd $CAIGLBL0000/ino/config
-
Rename "libarclib.so" to "libarclib.so.RO10729" as follows: mv libarclib.so libarclib.so.RO10729
-
Copy the new libarclib.so as follows: cp /tmp/RO10729/libarclib.so $CAIGLBL0000/ino/config/
-
chmod +x $CAIGLBL0000/ino/config/libarclib.so
-
Stop the common agent (caagent stop)
-
Change the directory to ARCserve common agent directory (typically /opt/CA/BABcmagt) cd /opt/CA/BABcmagt Note: To find out the agent home directory run the following command: dirname 'ls -l /usr/bin/caagent |cut -f2 -d">"'
-
Save a copy of libarclib.so cp -p libarclib.so libarclib.so.RO10729
-
Copy over the new libarclib.so as follows: cp $/tmp/RO10729/libarclib.so.
-
Start the common agent (caagent start)
-
Repeat steps (7-11) on all remote Linux client agents' installations.
-
rm -rf /tmp/RO10729
Workaround
Do not open email attachments or download files from untrusted sources.
If additional information is required, please contact CA Support at http://support.ca.com/.
If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782
Regards, Ken Williams, Director ; 0xE2941985 CA Product Vulnerability Response Team
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2009 CA. All rights reserved. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
For more information visit: http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com
TITLE: CA Anti-Virus Engine RAR Processing Two Vulnerabilities
SECUNIA ADVISORY ID: SA36976
VERIFY ADVISORY: http://secunia.com/advisories/36976/
DESCRIPTION: Two vulnerabilities have been reported in multiple CA products, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
Successful exploitation may allow execution of arbitrary code.
Please see the vendor's advisory for detailed instructions on applying patches.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Thierry Zoller.
ORIGINAL ADVISORY: CA20091008-01: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Background ~~~~~~~~~~~~~ Quote: "CA is one of the world's largest IT management software providers. We serve more than 99% of Fortune 1000 companies, as well as government entities, educational institutions and thousands of other companies in diverse industries worldwide"
"CA Anti-Virus for the Enterprise is the next generation in comprehensive anti-virus security for business PCs, servers and PDAs. It combines proactive protection against malware with new, powerful management features that stop and remove malicious code before it enters your network, reducing system downtime"
II.
Attacker has control over EBX :
Basic Block: 6e4305b0 mov cl,byte ptr [ebx] Tainted Input Operands: ebx 6e4305b2 add edi,28h 6e4305b5 push edi 6e4305b6 lea edx,[esp+14h] 6e4305ba mov byte ptr [esp+14h],cl Tainted Input Operands: cl 6e4305be inc ebx Tainted Input Operands: ebx 6e4305bf push edx 6e4305c0 mov ecx,esi 6e4305c2 mov dword ptr [esp+1ch],ebx Tainted Input Operands: ebx 6e4305c6 call arclib!arctkopenarchive+0x283a0 (6e42f9f0)
III. Due to the nature of Anti-virus products, the attack vectors can be near endless. An attack could be done over the way of an E-mail message carrying an RAR attachment (of a file recognised as being RAR), USB, CD, Network data etc.
Please note that this is a general problem and not exclusive to Computer Associates.
IV. Disclosure timeline ~~~~~~~~~~~~~~~~~~~~~~~~~ DD.MM.YYYY 11.05.2009 - Reported CVE-2009-3587 03.06.2009 - Reported CVE-2009-3588 09.10.2009 - CA releases advisory https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 13.10.2009 - G-SEC releases advisory
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200910-0097",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "anti-virus plus",
"scope": "eq",
"trust": 1.8,
"vendor": "ca",
"version": "2009"
},
{
"model": "arcserve backup",
"scope": "eq",
"trust": 1.6,
"vendor": "ca",
"version": "r11.1"
},
{
"model": "arcserve backup",
"scope": "eq",
"trust": 1.6,
"vendor": "ca",
"version": "r11.5"
},
{
"model": "etrust anti-virus gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "ca",
"version": "7.1"
},
{
"model": "unicenter network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.1"
},
{
"model": "unicenter network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11"
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "etrust secure content manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "8.0"
},
{
"model": "gateway security",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "r8.1"
},
{
"model": "internet security suite 2008",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "*"
},
{
"model": "secure content manager",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "1.1"
},
{
"model": "etrust intrusion detection",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "3.0"
},
{
"model": "threat manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "r8"
},
{
"model": "etrust ez antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "r7.1"
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "*"
},
{
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "7.1"
},
{
"model": "arcserve backup",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r12.0"
},
{
"model": "protection suites",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "r3"
},
{
"model": "etrust antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "7.1"
},
{
"model": "secure content manager",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8.0"
},
{
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r8"
},
{
"model": "network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r11.1"
},
{
"model": "protection suites",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "r3.1"
},
{
"model": "etrust anti-virus sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "*"
},
{
"model": "common services",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11.1"
},
{
"model": "anti-virus gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "7.1"
},
{
"model": "internet security suite plus 2008",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "*"
},
{
"model": "threat manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "8.1"
},
{
"model": "etrust secure content manager",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "1.1"
},
{
"model": "network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r3.1"
},
{
"model": "etrust integrated threat management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8.1"
},
{
"model": "etrust intrusion detection",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "2.0"
},
{
"model": "internet security suite plus 2009",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "*"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2007"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2008"
},
{
"model": "network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r3.0"
},
{
"model": "common services",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11"
},
{
"model": "threat manager total defense",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "*"
},
{
"model": "etrust antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8"
},
{
"model": "network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r11"
},
{
"model": "etrust antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8.1"
},
{
"model": "arcserve for windows client agent",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "*"
},
{
"model": "unicenter network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11.1"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "2009"
},
{
"model": "common services",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "3.1"
},
{
"model": "etrust intrusion detection",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "arcserve for windows server component",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "*"
},
{
"model": "unicenter network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "r8.1"
},
{
"model": "anti-virus sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "*"
},
{
"model": "protection suites",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "r2"
},
{
"model": "anti-virus",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "anti-virus for the enterprise",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "anti-virus gateway",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "anti-virus sdk",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "arcserve backup",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "arcserve for windows client agent",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "arcserve for windows server component",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "common services",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "etrust intrusion detection",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "gateway security",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "internet security suite",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "internet security suite plus 2008",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "internet security suite plus 2009",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "network and systems management",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "protection suites",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "secure content manager",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "threat manager for the enterprise",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "threat manager total defense",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "etrust ez antivirus",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "arcserve backup",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "r12.0"
},
{
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "7.1"
},
{
"model": "arcserve backup",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "r12.5"
},
{
"model": "etrust antivirus",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "7.1"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates threat manager total defense",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "0"
},
{
"model": "associates threat manager for the enterprise r8.1",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates threat manager for the enterprise r8",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates protection suites r2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "0"
},
{
"model": "associates protection suites r3",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates protection suites",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates internet security suite plus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20090"
},
{
"model": "associates internet security suite plus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20080"
},
{
"model": "associates internet security suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20080"
},
{
"model": "associates internet security suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20073.0"
},
{
"model": "associates gateway security",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates etrust intrusion detection sp",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.01"
},
{
"model": "associates etrust intrusion detection",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates etrust intrusion detection sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.0.0"
},
{
"model": "associates etrust ez antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates common services r11.1",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates common services r11",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates common services",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates brightstor arcserve backup for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor arcserve backup for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates brightstor arcserve backup for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "12.5"
},
{
"model": "associates brightstor arcserve backup for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "12.0"
},
{
"model": "associates brightstor arcserve backup r12.0 windows sp1",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates arcserve backup for linux sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates anti-virus sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "0"
},
{
"model": "associates anti-virus gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates anti-virus for the enterprise r8.1",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates anti-virus for the enterprise r8",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates anti-virus for the enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates anti-virus plus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20090"
},
{
"model": "associates anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20090"
},
{
"model": "associates anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20078"
},
{
"model": "associates anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2008"
}
],
"sources": [
{
"db": "BID",
"id": "36653"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002629"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-200"
},
{
"db": "NVD",
"id": "CVE-2009-3588"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ca:etrust_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:anti-virus_for_the_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:anti-virus_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:anti-virus_plus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:anti-virus_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:arcserve_backup",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:arcserve_for_windows_client_agent",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:arcserve_for_windows_server_component",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:common_services",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:etrust_intrusion_detection",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:gateway_security",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:internet_security_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:internet_security_suite_plus_2008",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:internet_security_suite_plus_2009",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:network_and_systems_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:protection_suites",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:secure_content_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:threat_manager_for_the_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:threat_manager_total_defense",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:etrust_ez_antivirus",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002629"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Thierry Zoller",
"sources": [
{
"db": "BID",
"id": "36653"
},
{
"db": "PACKETSTORM",
"id": "81986"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-200"
}
],
"trust": 1.0
},
"cve": "CVE-2009-3588",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2009-3588",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-41034",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-3588",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-3588",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200910-200",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-41034",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41034"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002629"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-200"
},
{
"db": "NVD",
"id": "CVE-2009-3588"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587. This vulnerability CVE-2009-3587 Is a different vulnerability.Skillfully crafted by a third party RAR Service disruption via archive files (DoS) There is a possibility of being put into a state. Multiple Computer Associates products are prone to memory-corruption vulnerabilities that affect the Anti-Virus engine. \nAn attacker can exploit these issues to execute arbitrary code in the context of the affected applications or cause denial-of-service conditions. \nThe issues affect the Anti-Virus engine with versions prior to \u0027arclib\u0027 8.1.4.0. Computer Associates is the world\u0027s leading security vendor, products include a variety of anti-virus software and backup recovery systems. \nCA20091008-01: Security Notice for CA Anti-Virus Engine\n\n\nIssued: October 8, 2009\n\n\nCA\u0027s support is alerting customers to multiple security risks \nassociated with CA Anti-Virus Engine. Vulnerabilities exist in \nthe arclib component that can allow a remote attacker to cause a \ndenial of service, or to cause heap corruption and potentially \nfurther compromise a system. CA has issued fixes to address the \nvulnerabilities. An attacker can create a \nmalformed RAR archive file that results in heap corruption and \nallows the attacker to cause a denial of service or possibly \nfurther compromise the system. An attacker can create a \nmalformed RAR archive file that results in stack corruption and \nallows the attacker to cause a denial of service. \n\n\nRisk Rating\n\nMedium\n\n\nPlatform\n\nWindows\nUNIX\nLinux\nSolaris\nMac OS X\nNetware\n\n\nAffected Products\n\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1\nCA Anti-Virus 2007 (v8)\nCA Anti-Virus 2008\nCA Anti-Virus 2009\nCA Anti-Virus Plus 2009\neTrust EZ Antivirus r7.1\nCA Internet Security Suite 2007 (v3)\nCA Internet Security Suite 2008\nCA Internet Security Suite Plus 2008\nCA Internet Security Suite Plus 2009\nCA Threat Manager for the Enterprise (formerly eTrust Integrated \n Threat Management) r8\nCA Threat Manager for the Enterprise (formerly eTrust Integrated \n Threat Management) 8.1\nCA Threat Manager Total Defense\nCA Gateway Security r8.1\nCA Protection Suites r2\nCA Protection Suites r3\nCA Protection Suites r3.1\nCA Secure Content Manager (formerly eTrust Secure Content \n Manager) 1.1\nCA Secure Content Manager (formerly eTrust Secure Content \n Manager) 8.0\nCA Network and Systems Management (NSM) (formerly Unicenter \n Network and Systems Management) r3.0\nCA Network and Systems Management (NSM) (formerly Unicenter \n Network and Systems Management) r3.1\nCA Network and Systems Management (NSM) (formerly Unicenter \n Network and Systems Management) r11\nCA Network and Systems Management (NSM) (formerly Unicenter \n Network and Systems Management) r11.1\nCA ARCserve Backup r11.5 on Windows\nCA ARCserve Backup r12 on Windows\nCA ARCserve Backup r12.0 SP1 on Windows\nCA ARCserve Backup r12.0 SP 2 on Windows\nCA ARCserve Backup r12.5 on Windows\nCA ARCserve Backup r11.1 Linux\nCA ARCserve Backup r11.5 Linux\nCA ARCserve for Windows Client Agent\nCA ARCserve for Windows Server component\nCA eTrust Intrusion Detection 2.0 SP1\nCA eTrust Intrusion Detection 3.0\nCA eTrust Intrusion Detection 3.0 SP1\nCA Common Services (CCS) r3.1\nCA Common Services (CCS) r11\nCA Common Services (CCS) r11.1\nCA Anti-Virus SDK (formerly eTrust Anti-Virus SDK)\nCA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1\n\n\nNon-Affected Products\n\nCA Anti-Virus engine with arclib version 8.1.4.0 or later \ninstalled\n\n\nHow to determine if the installation is affected\n\nFor products on Windows:\n\n1. Using Windows Explorer, locate the file \"arclib.dll\". By \n default, the file is located in the \n \"C:\\Program Files\\CA\\SharedComponents\\ScanEngine\" directory (*). \n2. Right click on the file and select Properties. \n3. Select the Version tab. \n4. If the file version is earlier than indicated below, the \n installation is vulnerable. \n\n File Name File Version\n arclib.dll 8.1.4.0\n\n*For eTrust Intrusion Detection 2.0, the file is located in \n\"Program Files\\eTrust\\Intrusion Detection\\Common\", and for eTrust \nIntrusion Detection 3.0 and 3.0 sp1, the file is located in \n\"Program Files\\CA\\Intrusion Detection\\Common\". \n\nFor CA Anti-Virus r8.1 on non-Windows platforms:\n\nUse the compver utility provided on the CD to determine the \nversion of Arclib. If the version is less than 8.1.4.0, the \ninstallation is vulnerable. \n\nExample compver utility output:\n\n ------------------------------------------------\n COMPONENT NAME VERSION\n ------------------------------------------------\n eTrust Antivirus Arclib Archive Library 8.1.4.0\n ... (followed by other components)\n \n\nFor reference, the following are file names for arclib on \nnon-Windows operating systems:\n\n Operating System File name\n Solaris libarclib.so\n Linux libarclib.so\n Mac OS X arclib.bundle\n\n\nSolution\n\nCA released arclib 8.1.4.0 on August 12 2009. If your product is \nconfigured for automatic updates, you should already be protected, \nand you need to take no action. If your product is not configured \nfor automatic updates, then you simply need to run the update \nutility included with your product. \n\nCA Network and Systems Management (NSM) (formerly Unicenter \nNetwork and Systems Management) r3.0: apply fix # RO11964. \n\nCA Network and Systems Management (NSM) (formerly Unicenter \nNetwork and Systems Management) r3.1: apply fix # RO11964. \n\nCA Network and Systems Management (NSM) (formerly Unicenter \nNetwork and Systems Management) r11: apply fix # RO11964. \n\nCA Network and Systems Management (NSM) (formerly Unicenter \nNetwork and Systems Management) r11.1: apply fix # RO11964. \n\nCA Common Services (CCS) r3.1: apply fix # RO11954. \n\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 \n32bit: apply fix # RO10663. \n\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 \nIA64: apply fix # RO10664. \n\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 \nAMD64: apply fix # RO10665. \n\nCA Secure Content Manager (formerly eTrust Secure Content Manager) \nr1.1: apply fix # RO10999. \n\nCA Secure Content Manager (formerly eTrust Secure Content Manager) \nr8.0: apply fix # RO10999. \n\nCA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1: \napply fix # RO11000. \n\nCA Gateway Security r8.1: RO10999. \n\nCA ARCserve for Windows Server component installed on a 64 bit \nmachine: apply fixes # RO10663 and RO10664 (IA64) or RO10665 \n(AMD64). \n\nCA ARCserve for Windows Server component installed on a 32 bit \nmachine: apply fix # RO10663. \n\nCA ARCserve for Windows Client Agent installed on a 64 bit \nmachine: apply fix # RO10664 (IA64) or RO10665 (AMD64). \n\nCA ARCserve for Windows Client Agent installed on a 32 bit \nmachine: apply fix # RO10663. \n\nCA ARCserve for Linux Server r11.5: apply fix # RO10729. \n\nCA ARCserve for Linux:\n\n1. Download RO10729.tar.Z from RO10729 into a temporary location \n /tmp/RO10729\n\n2. Uncompress and untar RO10729.tar.Z as follows:\n uncompress RO10729.tar.Z\n tar -xvf RO10729.tar\n The new \"libarclib.so\" will be extracted to /tmp/RO10729\n\n3. Change the directory to $CAIGLBL0000/ino/config as follows:\n cd $CAIGLBL0000/ino/config\n\n4. Rename \"libarclib.so\" to \"libarclib.so.RO10729\" as follows:\n mv libarclib.so libarclib.so.RO10729\n\n5. Copy the new libarclib.so as follows:\n cp /tmp/RO10729/libarclib.so $CAIGLBL0000/ino/config/\n\n6. chmod +x $CAIGLBL0000/ino/config/libarclib.so\n\n7. Stop the common agent (caagent stop)\n\n8. Change the directory to ARCserve common agent directory \n (typically /opt/CA/BABcmagt)\n cd /opt/CA/BABcmagt\n Note: To find out the agent home directory run the following \n command:\n dirname \u0027ls -l /usr/bin/caagent |cut -f2 -d\"\u003e\"\u0027\n\n9. Save a copy of libarclib.so\n cp -p libarclib.so libarclib.so.RO10729\n\n10. Copy over the new libarclib.so as follows:\n cp $/tmp/RO10729/libarclib.so. \n\n11. Start the common agent (caagent start)\n\n12. Repeat steps (7-11) on all remote Linux client agents\u0027 \n installations. \n\n13. rm -rf /tmp/RO10729\n\n\nWorkaround\n\nDo not open email attachments or download files from untrusted \nsources. \n\n\nIf additional information is required, please contact CA Support \nat http://support.ca.com/. \n\n\nIf you discover a vulnerability in CA products, please report your \nfindings to the CA Product Vulnerability Response Team. \nsupport.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782\n\n\nRegards,\nKen Williams, Director ; 0xE2941985\nCA Product Vulnerability Response Team\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2009 CA. All rights reserved. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nCA Anti-Virus Engine RAR Processing Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA36976\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36976/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in multiple CA products, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService) or to potentially compromise a vulnerable system. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nPlease see the vendor\u0027s advisory for detailed instructions on\napplying patches. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Thierry Zoller. \n\nORIGINAL ADVISORY:\nCA20091008-01:\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Background\n~~~~~~~~~~~~~\nQuote: \n\"CA is one of the world\u0027s largest IT management software providers. \nWe serve more than 99% of Fortune 1000 companies, as well as government \nentities, educational institutions and thousands of other companies \nin diverse industries worldwide\" \n\n\"CA Anti-Virus for the Enterprise is the next generation in comprehensive \nanti-virus security for business PCs, servers and PDAs. It combines \nproactive protection against malware with new, powerful management \nfeatures that stop and remove malicious code before it enters your \nnetwork, reducing system downtime\"\n\n\nII. \n\nAttacker has control over EBX :\n\nBasic Block:\n 6e4305b0 mov cl,byte ptr [ebx]\n Tainted Input Operands: ebx\n 6e4305b2 add edi,28h\n 6e4305b5 push edi\n 6e4305b6 lea edx,[esp+14h]\n 6e4305ba mov byte ptr [esp+14h],cl\n Tainted Input Operands: cl\n 6e4305be inc ebx\n Tainted Input Operands: ebx\n 6e4305bf push edx\n 6e4305c0 mov ecx,esi\n 6e4305c2 mov dword ptr [esp+1ch],ebx\n Tainted Input Operands: ebx\n 6e4305c6 call arclib!arctkopenarchive+0x283a0 (6e42f9f0)\n \n \n\nIII. \nDue to the nature of Anti-virus products, the attack vectors can be near endless. An attack\ncould be done over the way of an E-mail message carrying an RAR attachment (of a file\nrecognised as being RAR), USB, CD, Network data etc. \n\nPlease note that this is a general problem and not exclusive to Computer Associates. \n\n\nIV. Disclosure timeline\n~~~~~~~~~~~~~~~~~~~~~~~~~\nDD.MM.YYYY\n11.05.2009 - Reported CVE-2009-3587 \n03.06.2009 - Reported CVE-2009-3588\n09.10.2009 - CA releases advisory\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878\n13.10.2009 - G-SEC releases advisory\n\n\n\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3588"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002629"
},
{
"db": "BID",
"id": "36653"
},
{
"db": "VULHUB",
"id": "VHN-41034"
},
{
"db": "PACKETSTORM",
"id": "81918"
},
{
"db": "PACKETSTORM",
"id": "81885"
},
{
"db": "PACKETSTORM",
"id": "81986"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-3588",
"trust": 3.0
},
{
"db": "BID",
"id": "36653",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "36976",
"trust": 2.6
},
{
"db": "VUPEN",
"id": "ADV-2009-2852",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022999",
"trust": 2.5
},
{
"db": "XF",
"id": "53698",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002629",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200910-200",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-41034",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81918",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81885",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81986",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41034"
},
{
"db": "BID",
"id": "36653"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002629"
},
{
"db": "PACKETSTORM",
"id": "81918"
},
{
"db": "PACKETSTORM",
"id": "81885"
},
{
"db": "PACKETSTORM",
"id": "81986"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-200"
},
{
"db": "NVD",
"id": "CVE-2009-3588"
}
]
},
"id": "VAR-200910-0097",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-41034"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:12:57.332000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "218878",
"trust": 0.8,
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002629"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3588"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/36653"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1022999"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/36976"
},
{
"trust": 2.5,
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"trust": 2.2,
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=218878"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53698"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3588"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/53698"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3588"
},
{
"trust": 0.4,
"url": "http://blog.g-sec.lu/2009/10/computer-associates-multiple-products.html"
},
{
"trust": 0.4,
"url": "http://www.ca.com"
},
{
"trust": 0.3,
"url": "/archive/1/507101"
},
{
"trust": 0.3,
"url": "/archive/1/507068"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3588"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3587"
},
{
"trust": 0.1,
"url": "http://support.ca.com/."
},
{
"trust": 0.1,
"url": "https://www.g-sec.lu"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/36976/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41034"
},
{
"db": "BID",
"id": "36653"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002629"
},
{
"db": "PACKETSTORM",
"id": "81918"
},
{
"db": "PACKETSTORM",
"id": "81885"
},
{
"db": "PACKETSTORM",
"id": "81986"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-200"
},
{
"db": "NVD",
"id": "CVE-2009-3588"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-41034"
},
{
"db": "BID",
"id": "36653"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002629"
},
{
"db": "PACKETSTORM",
"id": "81918"
},
{
"db": "PACKETSTORM",
"id": "81885"
},
{
"db": "PACKETSTORM",
"id": "81986"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-200"
},
{
"db": "NVD",
"id": "CVE-2009-3588"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-10-13T00:00:00",
"db": "VULHUB",
"id": "VHN-41034"
},
{
"date": "2009-10-09T00:00:00",
"db": "BID",
"id": "36653"
},
{
"date": "2010-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002629"
},
{
"date": "2009-10-12T20:41:50",
"db": "PACKETSTORM",
"id": "81918"
},
{
"date": "2009-10-12T11:21:41",
"db": "PACKETSTORM",
"id": "81885"
},
{
"date": "2009-10-14T23:09:22",
"db": "PACKETSTORM",
"id": "81986"
},
{
"date": "2009-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-200"
},
{
"date": "2009-10-13T10:30:00.627000",
"db": "NVD",
"id": "CVE-2009-3588"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-41034"
},
{
"date": "2009-10-13T15:38:00",
"db": "BID",
"id": "36653"
},
{
"date": "2010-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002629"
},
{
"date": "2021-04-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-200"
},
{
"date": "2024-11-21T01:07:44.600000",
"db": "NVD",
"id": "CVE-2009-3588"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "81918"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-200"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural CA Product Anti-Virus In the engine arclib Service disruption in components (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002629"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200910-200"
}
],
"trust": 0.6
}
}
var-200910-0352
Vulnerability from variot
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588. This vulnerability CVE-2009-3588 Is a different vulnerability.Skillfully crafted by a third party RAR Service disruption via archive files (DoS) Could be put into a state or execute arbitrary code. Multiple Computer Associates products are prone to memory-corruption vulnerabilities that affect the Anti-Virus engine. An attacker can exploit these issues to execute arbitrary code in the context of the affected applications or cause denial-of-service conditions. The issues affect the Anti-Virus engine with versions prior to 'arclib' 8.1.4.0. Computer Associates is the world's leading security vendor, products include a variety of anti-virus software and backup recovery systems. CA20091008-01: Security Notice for CA Anti-Virus Engine
Issued: October 8, 2009
CA's support is alerting customers to multiple security risks associated with CA Anti-Virus Engine. Vulnerabilities exist in the arclib component that can allow a remote attacker to cause a denial of service, or to cause heap corruption and potentially further compromise a system. CA has issued fixes to address the vulnerabilities. An attacker can create a malformed RAR archive file that results in heap corruption and allows the attacker to cause a denial of service or possibly further compromise the system. An attacker can create a malformed RAR archive file that results in stack corruption and allows the attacker to cause a denial of service.
Risk Rating
Medium
Platform
Windows UNIX Linux Solaris Mac OS X Netware
Affected Products
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8 CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1 CA Anti-Virus 2007 (v8) CA Anti-Virus 2008 CA Anti-Virus 2009 CA Anti-Virus Plus 2009 eTrust EZ Antivirus r7.1 CA Internet Security Suite 2007 (v3) CA Internet Security Suite 2008 CA Internet Security Suite Plus 2008 CA Internet Security Suite Plus 2009 CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8 CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) 8.1 CA Threat Manager Total Defense CA Gateway Security r8.1 CA Protection Suites r2 CA Protection Suites r3 CA Protection Suites r3.1 CA Secure Content Manager (formerly eTrust Secure Content Manager) 1.1 CA Secure Content Manager (formerly eTrust Secure Content Manager) 8.0 CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.0 CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.1 CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11 CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11.1 CA ARCserve Backup r11.5 on Windows CA ARCserve Backup r12 on Windows CA ARCserve Backup r12.0 SP1 on Windows CA ARCserve Backup r12.0 SP 2 on Windows CA ARCserve Backup r12.5 on Windows CA ARCserve Backup r11.1 Linux CA ARCserve Backup r11.5 Linux CA ARCserve for Windows Client Agent CA ARCserve for Windows Server component CA eTrust Intrusion Detection 2.0 SP1 CA eTrust Intrusion Detection 3.0 CA eTrust Intrusion Detection 3.0 SP1 CA Common Services (CCS) r3.1 CA Common Services (CCS) r11 CA Common Services (CCS) r11.1 CA Anti-Virus SDK (formerly eTrust Anti-Virus SDK) CA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1
Non-Affected Products
CA Anti-Virus engine with arclib version 8.1.4.0 or later installed
How to determine if the installation is affected
For products on Windows:
- Using Windows Explorer, locate the file "arclib.dll". By default, the file is located in the "C:\Program Files\CA\SharedComponents\ScanEngine" directory (*).
- Right click on the file and select Properties.
- Select the Version tab.
-
If the file version is earlier than indicated below, the installation is vulnerable.
File Name File Version arclib.dll 8.1.4.0
*For eTrust Intrusion Detection 2.0, the file is located in "Program Files\eTrust\Intrusion Detection\Common", and for eTrust Intrusion Detection 3.0 and 3.0 sp1, the file is located in "Program Files\CA\Intrusion Detection\Common".
For CA Anti-Virus r8.1 on non-Windows platforms:
Use the compver utility provided on the CD to determine the version of Arclib. If the version is less than 8.1.4.0, the installation is vulnerable.
Example compver utility output:
------------------------------------------------
COMPONENT NAME VERSION
------------------------------------------------
eTrust Antivirus Arclib Archive Library 8.1.4.0
... (followed by other components)
For reference, the following are file names for arclib on non-Windows operating systems:
Operating System File name
Solaris libarclib.so
Linux libarclib.so
Mac OS X arclib.bundle
Solution
CA released arclib 8.1.4.0 on August 12 2009. If your product is configured for automatic updates, you should already be protected, and you need to take no action. If your product is not configured for automatic updates, then you simply need to run the update utility included with your product.
CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.0: apply fix # RO11964.
CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.1: apply fix # RO11964.
CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11: apply fix # RO11964.
CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r11.1: apply fix # RO11964.
CA Common Services (CCS) r3.1: apply fix # RO11954.
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 32bit: apply fix # RO10663.
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 IA64: apply fix # RO10664.
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 AMD64: apply fix # RO10665.
CA Secure Content Manager (formerly eTrust Secure Content Manager) r1.1: apply fix # RO10999.
CA Secure Content Manager (formerly eTrust Secure Content Manager) r8.0: apply fix # RO10999.
CA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1: apply fix # RO11000.
CA Gateway Security r8.1: RO10999.
CA ARCserve for Windows Server component installed on a 64 bit machine: apply fixes # RO10663 and RO10664 (IA64) or RO10665 (AMD64).
CA ARCserve for Windows Server component installed on a 32 bit machine: apply fix # RO10663.
CA ARCserve for Windows Client Agent installed on a 64 bit machine: apply fix # RO10664 (IA64) or RO10665 (AMD64).
CA ARCserve for Windows Client Agent installed on a 32 bit machine: apply fix # RO10663.
CA ARCserve for Linux Server r11.5: apply fix # RO10729.
CA ARCserve for Linux:
-
Download RO10729.tar.Z from RO10729 into a temporary location /tmp/RO10729
-
Uncompress and untar RO10729.tar.Z as follows: uncompress RO10729.tar.Z tar -xvf RO10729.tar The new "libarclib.so" will be extracted to /tmp/RO10729
-
Change the directory to $CAIGLBL0000/ino/config as follows: cd $CAIGLBL0000/ino/config
-
Rename "libarclib.so" to "libarclib.so.RO10729" as follows: mv libarclib.so libarclib.so.RO10729
-
Copy the new libarclib.so as follows: cp /tmp/RO10729/libarclib.so $CAIGLBL0000/ino/config/
-
chmod +x $CAIGLBL0000/ino/config/libarclib.so
-
Stop the common agent (caagent stop)
-
Change the directory to ARCserve common agent directory (typically /opt/CA/BABcmagt) cd /opt/CA/BABcmagt Note: To find out the agent home directory run the following command: dirname 'ls -l /usr/bin/caagent |cut -f2 -d">"'
-
Save a copy of libarclib.so cp -p libarclib.so libarclib.so.RO10729
-
Copy over the new libarclib.so as follows: cp $/tmp/RO10729/libarclib.so.
-
Start the common agent (caagent start)
-
Repeat steps (7-11) on all remote Linux client agents' installations.
-
rm -rf /tmp/RO10729
Workaround
Do not open email attachments or download files from untrusted sources.
If additional information is required, please contact CA Support at http://support.ca.com/.
If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782
Regards, Ken Williams, Director ; 0xE2941985 CA Product Vulnerability Response Team
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2009 CA. All rights reserved. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
For more information visit: http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com
TITLE: CA Anti-Virus Engine RAR Processing Two Vulnerabilities
SECUNIA ADVISORY ID: SA36976
VERIFY ADVISORY: http://secunia.com/advisories/36976/
DESCRIPTION: Two vulnerabilities have been reported in multiple CA products, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
Successful exploitation may allow execution of arbitrary code.
Please see the vendor's advisory for detailed instructions on applying patches.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Thierry Zoller.
ORIGINAL ADVISORY: CA20091008-01: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Background ~~~~~~~~~~~~~ Quote: "CA is one of the world's largest IT management software providers. We serve more than 99% of Fortune 1000 companies, as well as government entities, educational institutions and thousands of other companies in diverse industries worldwide"
"CA Anti-Virus for the Enterprise is the next generation in comprehensive anti-virus security for business PCs, servers and PDAs. It combines proactive protection against malware with new, powerful management features that stop and remove malicious code before it enters your network, reducing system downtime"
II.
Attacker has control over EBX :
Basic Block: 6e4305b0 mov cl,byte ptr [ebx] Tainted Input Operands: ebx 6e4305b2 add edi,28h 6e4305b5 push edi 6e4305b6 lea edx,[esp+14h] 6e4305ba mov byte ptr [esp+14h],cl Tainted Input Operands: cl 6e4305be inc ebx Tainted Input Operands: ebx 6e4305bf push edx 6e4305c0 mov ecx,esi 6e4305c2 mov dword ptr [esp+1ch],ebx Tainted Input Operands: ebx 6e4305c6 call arclib!arctkopenarchive+0x283a0 (6e42f9f0)
III. Due to the nature of Anti-virus products, the attack vectors can be near endless. An attack could be done over the way of an E-mail message carrying an RAR attachment (of a file recognised as being RAR), USB, CD, Network data etc.
Please note that this is a general problem and not exclusive to Computer Associates.
IV. Disclosure timeline ~~~~~~~~~~~~~~~~~~~~~~~~~ DD.MM.YYYY 11.05.2009 - Reported CVE-2009-3587 03.06.2009 - Reported CVE-2009-3588 09.10.2009 - CA releases advisory https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 13.10.2009 - G-SEC releases advisory
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200910-0352",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "anti-virus plus",
"scope": "eq",
"trust": 1.8,
"vendor": "ca",
"version": "2009"
},
{
"model": "protection suites",
"scope": "eq",
"trust": 1.6,
"vendor": "ca",
"version": "r3.1"
},
{
"model": "threat manager",
"scope": "eq",
"trust": 1.6,
"vendor": "ca",
"version": "r8"
},
{
"model": "threat manager",
"scope": "eq",
"trust": 1.6,
"vendor": "ca",
"version": "8.1"
},
{
"model": "protection suites",
"scope": "eq",
"trust": 1.6,
"vendor": "ca",
"version": "r2"
},
{
"model": "protection suites",
"scope": "eq",
"trust": 1.6,
"vendor": "ca",
"version": "r3"
},
{
"model": "internet security suite plus 2008",
"scope": null,
"trust": 1.4,
"vendor": "ca",
"version": null
},
{
"model": "internet security suite plus 2009",
"scope": null,
"trust": 1.4,
"vendor": "ca",
"version": null
},
{
"model": "threat manager total defense",
"scope": null,
"trust": 1.4,
"vendor": "ca",
"version": null
},
{
"model": "unicenter network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.1"
},
{
"model": "unicenter network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11"
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "etrust anti-virus gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "7.1"
},
{
"model": "etrust secure content manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "8.0"
},
{
"model": "gateway security",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "r8.1"
},
{
"model": "internet security suite 2008",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "*"
},
{
"model": "secure content manager",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "1.1"
},
{
"model": "etrust intrusion detection",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "3.0"
},
{
"model": "arcserve backup",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "r11.1"
},
{
"model": "etrust ez antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "r7.1"
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "*"
},
{
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "7.1"
},
{
"model": "etrust antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "7.1"
},
{
"model": "secure content manager",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8.0"
},
{
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r8"
},
{
"model": "network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r11.1"
},
{
"model": "etrust anti-virus sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "*"
},
{
"model": "common services",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11.1"
},
{
"model": "anti-virus gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "7.1"
},
{
"model": "internet security suite plus 2008",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "*"
},
{
"model": "etrust secure content manager",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "1.1"
},
{
"model": "network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r3.1"
},
{
"model": "etrust integrated threat management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8.1"
},
{
"model": "etrust intrusion detection",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "2.0"
},
{
"model": "internet security suite plus 2009",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "*"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2007"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2008"
},
{
"model": "network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r3.0"
},
{
"model": "arcserve backup",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "r11.5"
},
{
"model": "common services",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11"
},
{
"model": "threat manager total defense",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "*"
},
{
"model": "etrust antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8"
},
{
"model": "network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "r11"
},
{
"model": "etrust antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8.1"
},
{
"model": "arcserve for windows client agent",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "*"
},
{
"model": "unicenter network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11.1"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "2009"
},
{
"model": "common services",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "3.1"
},
{
"model": "etrust intrusion detection",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "arcserve for windows server component",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "*"
},
{
"model": "unicenter network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "r8.1"
},
{
"model": "anti-virus sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "*"
},
{
"model": "anti-virus",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "anti-virus for the enterprise",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "anti-virus gateway",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "anti-virus sdk",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "arcserve backup",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "arcserve for windows client agent",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "arcserve for windows server component",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "common services",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "etrust intrusion detection",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "gateway security",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "internet security suite",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "network and systems management",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "protection suites",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "secure content manager",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "threat manager for the enterprise",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "etrust ez antivirus",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "etrust integrated threat management",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "8.1"
},
{
"model": "secure content manager",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "1.1"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates threat manager total defense",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "0"
},
{
"model": "associates threat manager for the enterprise r8.1",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates threat manager for the enterprise r8",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates protection suites r2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "0"
},
{
"model": "associates protection suites r3",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates protection suites",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates internet security suite plus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20090"
},
{
"model": "associates internet security suite plus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20080"
},
{
"model": "associates internet security suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20080"
},
{
"model": "associates internet security suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20073.0"
},
{
"model": "associates gateway security",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates etrust intrusion detection sp",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.01"
},
{
"model": "associates etrust intrusion detection",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates etrust intrusion detection sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.0.0"
},
{
"model": "associates etrust ez antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates common services r11.1",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates common services r11",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates common services",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates brightstor arcserve backup for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor arcserve backup for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates brightstor arcserve backup for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "12.5"
},
{
"model": "associates brightstor arcserve backup for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "12.0"
},
{
"model": "associates brightstor arcserve backup r12.0 windows sp1",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates arcserve backup for linux sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates anti-virus sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "0"
},
{
"model": "associates anti-virus gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates anti-virus for the enterprise r8.1",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates anti-virus for the enterprise r8",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates anti-virus for the enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates anti-virus plus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20090"
},
{
"model": "associates anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20090"
},
{
"model": "associates anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20078"
},
{
"model": "associates anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2008"
}
],
"sources": [
{
"db": "BID",
"id": "36653"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002628"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-199"
},
{
"db": "NVD",
"id": "CVE-2009-3587"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ca:etrust_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:anti-virus_for_the_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:anti-virus_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:anti-virus_plus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:anti-virus_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:arcserve_backup",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:arcserve_for_windows_client_agent",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:arcserve_for_windows_server_component",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:common_services",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:etrust_intrusion_detection",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:gateway_security",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:internet_security_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:internet_security_suite_plus_2008",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:internet_security_suite_plus_2009",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:network_and_systems_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:protection_suites",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:secure_content_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:threat_manager_for_the_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:threat_manager_total_defense",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:etrust_ez_antivirus",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002628"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Thierry Zoller",
"sources": [
{
"db": "BID",
"id": "36653"
},
{
"db": "PACKETSTORM",
"id": "81986"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-199"
}
],
"trust": 1.0
},
"cve": "CVE-2009-3587",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2009-3587",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-41033",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-3587",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-3587",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200910-199",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-41033",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41033"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002628"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-199"
},
{
"db": "NVD",
"id": "CVE-2009-3587"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588. This vulnerability CVE-2009-3588 Is a different vulnerability.Skillfully crafted by a third party RAR Service disruption via archive files (DoS) Could be put into a state or execute arbitrary code. Multiple Computer Associates products are prone to memory-corruption vulnerabilities that affect the Anti-Virus engine. \nAn attacker can exploit these issues to execute arbitrary code in the context of the affected applications or cause denial-of-service conditions. \nThe issues affect the Anti-Virus engine with versions prior to \u0027arclib\u0027 8.1.4.0. Computer Associates is the world\u0027s leading security vendor, products include a variety of anti-virus software and backup recovery systems. \nCA20091008-01: Security Notice for CA Anti-Virus Engine\n\n\nIssued: October 8, 2009\n\n\nCA\u0027s support is alerting customers to multiple security risks \nassociated with CA Anti-Virus Engine. Vulnerabilities exist in \nthe arclib component that can allow a remote attacker to cause a \ndenial of service, or to cause heap corruption and potentially \nfurther compromise a system. CA has issued fixes to address the \nvulnerabilities. An attacker can create a \nmalformed RAR archive file that results in heap corruption and \nallows the attacker to cause a denial of service or possibly \nfurther compromise the system. An attacker can create a \nmalformed RAR archive file that results in stack corruption and \nallows the attacker to cause a denial of service. \n\n\nRisk Rating\n\nMedium\n\n\nPlatform\n\nWindows\nUNIX\nLinux\nSolaris\nMac OS X\nNetware\n\n\nAffected Products\n\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8.1\nCA Anti-Virus 2007 (v8)\nCA Anti-Virus 2008\nCA Anti-Virus 2009\nCA Anti-Virus Plus 2009\neTrust EZ Antivirus r7.1\nCA Internet Security Suite 2007 (v3)\nCA Internet Security Suite 2008\nCA Internet Security Suite Plus 2008\nCA Internet Security Suite Plus 2009\nCA Threat Manager for the Enterprise (formerly eTrust Integrated \n Threat Management) r8\nCA Threat Manager for the Enterprise (formerly eTrust Integrated \n Threat Management) 8.1\nCA Threat Manager Total Defense\nCA Gateway Security r8.1\nCA Protection Suites r2\nCA Protection Suites r3\nCA Protection Suites r3.1\nCA Secure Content Manager (formerly eTrust Secure Content \n Manager) 1.1\nCA Secure Content Manager (formerly eTrust Secure Content \n Manager) 8.0\nCA Network and Systems Management (NSM) (formerly Unicenter \n Network and Systems Management) r3.0\nCA Network and Systems Management (NSM) (formerly Unicenter \n Network and Systems Management) r3.1\nCA Network and Systems Management (NSM) (formerly Unicenter \n Network and Systems Management) r11\nCA Network and Systems Management (NSM) (formerly Unicenter \n Network and Systems Management) r11.1\nCA ARCserve Backup r11.5 on Windows\nCA ARCserve Backup r12 on Windows\nCA ARCserve Backup r12.0 SP1 on Windows\nCA ARCserve Backup r12.0 SP 2 on Windows\nCA ARCserve Backup r12.5 on Windows\nCA ARCserve Backup r11.1 Linux\nCA ARCserve Backup r11.5 Linux\nCA ARCserve for Windows Client Agent\nCA ARCserve for Windows Server component\nCA eTrust Intrusion Detection 2.0 SP1\nCA eTrust Intrusion Detection 3.0\nCA eTrust Intrusion Detection 3.0 SP1\nCA Common Services (CCS) r3.1\nCA Common Services (CCS) r11\nCA Common Services (CCS) r11.1\nCA Anti-Virus SDK (formerly eTrust Anti-Virus SDK)\nCA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1\n\n\nNon-Affected Products\n\nCA Anti-Virus engine with arclib version 8.1.4.0 or later \ninstalled\n\n\nHow to determine if the installation is affected\n\nFor products on Windows:\n\n1. Using Windows Explorer, locate the file \"arclib.dll\". By \n default, the file is located in the \n \"C:\\Program Files\\CA\\SharedComponents\\ScanEngine\" directory (*). \n2. Right click on the file and select Properties. \n3. Select the Version tab. \n4. If the file version is earlier than indicated below, the \n installation is vulnerable. \n\n File Name File Version\n arclib.dll 8.1.4.0\n\n*For eTrust Intrusion Detection 2.0, the file is located in \n\"Program Files\\eTrust\\Intrusion Detection\\Common\", and for eTrust \nIntrusion Detection 3.0 and 3.0 sp1, the file is located in \n\"Program Files\\CA\\Intrusion Detection\\Common\". \n\nFor CA Anti-Virus r8.1 on non-Windows platforms:\n\nUse the compver utility provided on the CD to determine the \nversion of Arclib. If the version is less than 8.1.4.0, the \ninstallation is vulnerable. \n\nExample compver utility output:\n\n ------------------------------------------------\n COMPONENT NAME VERSION\n ------------------------------------------------\n eTrust Antivirus Arclib Archive Library 8.1.4.0\n ... (followed by other components)\n \n\nFor reference, the following are file names for arclib on \nnon-Windows operating systems:\n\n Operating System File name\n Solaris libarclib.so\n Linux libarclib.so\n Mac OS X arclib.bundle\n\n\nSolution\n\nCA released arclib 8.1.4.0 on August 12 2009. If your product is \nconfigured for automatic updates, you should already be protected, \nand you need to take no action. If your product is not configured \nfor automatic updates, then you simply need to run the update \nutility included with your product. \n\nCA Network and Systems Management (NSM) (formerly Unicenter \nNetwork and Systems Management) r3.0: apply fix # RO11964. \n\nCA Network and Systems Management (NSM) (formerly Unicenter \nNetwork and Systems Management) r3.1: apply fix # RO11964. \n\nCA Network and Systems Management (NSM) (formerly Unicenter \nNetwork and Systems Management) r11: apply fix # RO11964. \n\nCA Network and Systems Management (NSM) (formerly Unicenter \nNetwork and Systems Management) r11.1: apply fix # RO11964. \n\nCA Common Services (CCS) r3.1: apply fix # RO11954. \n\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 \n32bit: apply fix # RO10663. \n\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 \nIA64: apply fix # RO10664. \n\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 \nAMD64: apply fix # RO10665. \n\nCA Secure Content Manager (formerly eTrust Secure Content Manager) \nr1.1: apply fix # RO10999. \n\nCA Secure Content Manager (formerly eTrust Secure Content Manager) \nr8.0: apply fix # RO10999. \n\nCA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1: \napply fix # RO11000. \n\nCA Gateway Security r8.1: RO10999. \n\nCA ARCserve for Windows Server component installed on a 64 bit \nmachine: apply fixes # RO10663 and RO10664 (IA64) or RO10665 \n(AMD64). \n\nCA ARCserve for Windows Server component installed on a 32 bit \nmachine: apply fix # RO10663. \n\nCA ARCserve for Windows Client Agent installed on a 64 bit \nmachine: apply fix # RO10664 (IA64) or RO10665 (AMD64). \n\nCA ARCserve for Windows Client Agent installed on a 32 bit \nmachine: apply fix # RO10663. \n\nCA ARCserve for Linux Server r11.5: apply fix # RO10729. \n\nCA ARCserve for Linux:\n\n1. Download RO10729.tar.Z from RO10729 into a temporary location \n /tmp/RO10729\n\n2. Uncompress and untar RO10729.tar.Z as follows:\n uncompress RO10729.tar.Z\n tar -xvf RO10729.tar\n The new \"libarclib.so\" will be extracted to /tmp/RO10729\n\n3. Change the directory to $CAIGLBL0000/ino/config as follows:\n cd $CAIGLBL0000/ino/config\n\n4. Rename \"libarclib.so\" to \"libarclib.so.RO10729\" as follows:\n mv libarclib.so libarclib.so.RO10729\n\n5. Copy the new libarclib.so as follows:\n cp /tmp/RO10729/libarclib.so $CAIGLBL0000/ino/config/\n\n6. chmod +x $CAIGLBL0000/ino/config/libarclib.so\n\n7. Stop the common agent (caagent stop)\n\n8. Change the directory to ARCserve common agent directory \n (typically /opt/CA/BABcmagt)\n cd /opt/CA/BABcmagt\n Note: To find out the agent home directory run the following \n command:\n dirname \u0027ls -l /usr/bin/caagent |cut -f2 -d\"\u003e\"\u0027\n\n9. Save a copy of libarclib.so\n cp -p libarclib.so libarclib.so.RO10729\n\n10. Copy over the new libarclib.so as follows:\n cp $/tmp/RO10729/libarclib.so. \n\n11. Start the common agent (caagent start)\n\n12. Repeat steps (7-11) on all remote Linux client agents\u0027 \n installations. \n\n13. rm -rf /tmp/RO10729\n\n\nWorkaround\n\nDo not open email attachments or download files from untrusted \nsources. \n\n\nIf additional information is required, please contact CA Support \nat http://support.ca.com/. \n\n\nIf you discover a vulnerability in CA products, please report your \nfindings to the CA Product Vulnerability Response Team. \nsupport.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782\n\n\nRegards,\nKen Williams, Director ; 0xE2941985\nCA Product Vulnerability Response Team\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2009 CA. All rights reserved. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nCA Anti-Virus Engine RAR Processing Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA36976\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36976/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in multiple CA products, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService) or to potentially compromise a vulnerable system. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nPlease see the vendor\u0027s advisory for detailed instructions on\napplying patches. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Thierry Zoller. \n\nORIGINAL ADVISORY:\nCA20091008-01:\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Background\n~~~~~~~~~~~~~\nQuote: \n\"CA is one of the world\u0027s largest IT management software providers. \nWe serve more than 99% of Fortune 1000 companies, as well as government \nentities, educational institutions and thousands of other companies \nin diverse industries worldwide\" \n\n\"CA Anti-Virus for the Enterprise is the next generation in comprehensive \nanti-virus security for business PCs, servers and PDAs. It combines \nproactive protection against malware with new, powerful management \nfeatures that stop and remove malicious code before it enters your \nnetwork, reducing system downtime\"\n\n\nII. \n\nAttacker has control over EBX :\n\nBasic Block:\n 6e4305b0 mov cl,byte ptr [ebx]\n Tainted Input Operands: ebx\n 6e4305b2 add edi,28h\n 6e4305b5 push edi\n 6e4305b6 lea edx,[esp+14h]\n 6e4305ba mov byte ptr [esp+14h],cl\n Tainted Input Operands: cl\n 6e4305be inc ebx\n Tainted Input Operands: ebx\n 6e4305bf push edx\n 6e4305c0 mov ecx,esi\n 6e4305c2 mov dword ptr [esp+1ch],ebx\n Tainted Input Operands: ebx\n 6e4305c6 call arclib!arctkopenarchive+0x283a0 (6e42f9f0)\n \n \n\nIII. \nDue to the nature of Anti-virus products, the attack vectors can be near endless. An attack\ncould be done over the way of an E-mail message carrying an RAR attachment (of a file\nrecognised as being RAR), USB, CD, Network data etc. \n\nPlease note that this is a general problem and not exclusive to Computer Associates. \n\n\nIV. Disclosure timeline\n~~~~~~~~~~~~~~~~~~~~~~~~~\nDD.MM.YYYY\n11.05.2009 - Reported CVE-2009-3587 \n03.06.2009 - Reported CVE-2009-3588\n09.10.2009 - CA releases advisory\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878\n13.10.2009 - G-SEC releases advisory\n\n\n\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3587"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002628"
},
{
"db": "BID",
"id": "36653"
},
{
"db": "VULHUB",
"id": "VHN-41033"
},
{
"db": "PACKETSTORM",
"id": "81918"
},
{
"db": "PACKETSTORM",
"id": "81885"
},
{
"db": "PACKETSTORM",
"id": "81986"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-3587",
"trust": 3.0
},
{
"db": "BID",
"id": "36653",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "36976",
"trust": 2.6
},
{
"db": "OSVDB",
"id": "58691",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2009-2852",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022999",
"trust": 2.5
},
{
"db": "XF",
"id": "53697",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002628",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200910-199",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "81918",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "81986",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-41033",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81885",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41033"
},
{
"db": "BID",
"id": "36653"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002628"
},
{
"db": "PACKETSTORM",
"id": "81918"
},
{
"db": "PACKETSTORM",
"id": "81885"
},
{
"db": "PACKETSTORM",
"id": "81986"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-199"
},
{
"db": "NVD",
"id": "CVE-2009-3587"
}
]
},
"id": "VAR-200910-0352",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-41033"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:43:32.342000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "218878",
"trust": 0.8,
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002628"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3587"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/36653"
},
{
"trust": 2.5,
"url": "http://osvdb.org/58691"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1022999"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/36976"
},
{
"trust": 2.5,
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"trust": 2.2,
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=218878"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53697"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3587"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/53697"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3587"
},
{
"trust": 0.4,
"url": "http://blog.g-sec.lu/2009/10/computer-associates-multiple-products.html"
},
{
"trust": 0.4,
"url": "http://www.ca.com"
},
{
"trust": 0.3,
"url": "/archive/1/507101"
},
{
"trust": 0.3,
"url": "/archive/1/507068"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3588"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3587"
},
{
"trust": 0.1,
"url": "http://support.ca.com/."
},
{
"trust": 0.1,
"url": "https://www.g-sec.lu"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/36976/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41033"
},
{
"db": "BID",
"id": "36653"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002628"
},
{
"db": "PACKETSTORM",
"id": "81918"
},
{
"db": "PACKETSTORM",
"id": "81885"
},
{
"db": "PACKETSTORM",
"id": "81986"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-199"
},
{
"db": "NVD",
"id": "CVE-2009-3587"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-41033"
},
{
"db": "BID",
"id": "36653"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002628"
},
{
"db": "PACKETSTORM",
"id": "81918"
},
{
"db": "PACKETSTORM",
"id": "81885"
},
{
"db": "PACKETSTORM",
"id": "81986"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-199"
},
{
"db": "NVD",
"id": "CVE-2009-3587"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-10-13T00:00:00",
"db": "VULHUB",
"id": "VHN-41033"
},
{
"date": "2009-10-09T00:00:00",
"db": "BID",
"id": "36653"
},
{
"date": "2010-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002628"
},
{
"date": "2009-10-12T20:41:50",
"db": "PACKETSTORM",
"id": "81918"
},
{
"date": "2009-10-12T11:21:41",
"db": "PACKETSTORM",
"id": "81885"
},
{
"date": "2009-10-14T23:09:22",
"db": "PACKETSTORM",
"id": "81986"
},
{
"date": "2009-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-199"
},
{
"date": "2009-10-13T10:30:00.610000",
"db": "NVD",
"id": "CVE-2009-3587"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-41033"
},
{
"date": "2009-10-13T15:38:00",
"db": "BID",
"id": "36653"
},
{
"date": "2010-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002628"
},
{
"date": "2021-04-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-199"
},
{
"date": "2024-11-21T01:07:44.420000",
"db": "NVD",
"id": "CVE-2009-3587"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "81918"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-199"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural CA Product Anti-Virus In the engine arclib Vulnerability in arbitrary code execution in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002628"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200910-199"
}
],
"trust": 0.6
}
}
var-200707-0263
Vulnerability from variot
arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file. Multiple Computer Associates products are prone to a denial-of-service vulnerability because the applications fail to handle malformed CHM files. Successfully exploiting this issue will cause the affected applications to stop responding, denying service to legitimate users. This issue affects applications that use the 'arclib.dll' library versions prior to 7.3.0.9. The Arclib.DLL library in eTrust products has a security vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Title: [CAID 35525, 35526]: CA Products Arclib Library Denial of Service Vulnerabilities
CA Vuln ID (CAID): 35525, 35526
CA Advisory Date: 2007-07-24
Reported By: CVE-2006-5645 - Titon of BastardLabs and Damian Put working with the iDefense VCP. CVE-2007-3875 - An anonymous researcher working with the iDefense VCP. Sergio Alvarez of n.runs AG also reported these issues.
Impact: A remote attacker can cause a denial of service.
Summary: CA products that utilize the Arclib library contain two denial of service vulnerabilities. The second vulnerability, CVE-2006-5645, is due to an application hang when processing a specially malformed RAR file.
Mitigating Factors: None
Severity: CA has given these vulnerabilities a Medium risk rating.
Affected Products: CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.0, 7.1, r8, r8.1 CA Anti-Virus 2007 (v8) eTrust EZ Antivirus r7, r6.1 CA Internet Security Suite 2007 (v3) eTrust Internet Security Suite r1, r2 eTrust EZ Armor r1, r2, r3.x CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8 CA Anti-Virus Gateway (formerly eTrust Antivirus eTrust Antivirus Gateway) 7.1 CA Protection Suites r2, r3 CA Secure Content Manager (formerly eTrust Secure Content Manager) 1.1, 8.0 CA Anti-Spyware for the Enterprise (Formerly eTrust PestPatrol) r8, 8.1 CA Anti-Spyware 2007 Unicenter Network and Systems Management (NSM) r3.0, r3.1, r11, r11.1 BrightStor ARCserve Backup v9.01, r11 for Windows, r11.1, r11.5 BrightStor Enterprise Backup r10.5 BrightStor ARCserve Client agent for Windows eTrust Intrusion Detection 2.0 SP1, 3.0, 3.0 SP1 CA Common Services (CCS) r11, r11.1 CA Anti-Virus SDK (formerly eTrust Anti-Virus SDK)
Status and Recommendation: CA has provided an update to address the vulnerabilities. The updated Arclib library is provided in automatic content updates with most products. Ensure that the latest content update is installed. In the case where automatic updates are not available, use the following product specific instructions.
CA Secure Content Manager 1.1: Apply QO89469.
CA Secure Content Manager 8.0: Apply QO87114.
Unicenter Network and Systems Management (NSM) r3.0: Apply QO89141.
Unicenter Network and Systems Management (NSM) r3.1: Apply QO89139.
Unicenter Network and Systems Management (NSM) r11: Apply QO89140.
Unicenter Network and Systems Management (NSM) r11.1: Apply QO89138.
CA Common Services (CCS) r11: Apply QO89140.
CA Common Services (CCS) r11.1: Apply QO89138.
CA Anti-Virus Gateway 7.1: Apply QO89381.
eTrust Intrusion Detection 2.0 SP1: Apply QO89474.
eTrust Intrusion Detection 3.0: Apply QO86925.
eTrust Intrusion Detection 3.0 SP1: Apply QO86923.
CA Protection Suites r2: Apply updates for CA Anti-Virus 7.1.
BrightStor ARCserve Backup and BrightStor ARCserve Client agent for Windows:
Manually replace the arclib.dll file with the one provided in the CA Anti-Virus 7.1 fix set.
- Locate and rename the existing arclib.dll file.
- Download the CA Anti-Virus 7.1 patch that matches the host operating system.
- Unpack the patch and place the arclib.dll file in directory where the existing arclib.dll file was found in step 1.
- Reboot the host.
CA Anti-Virus 7.1 (non Windows):
T229327 – Solaris – QO86831 T229328 – Netware – QO86832 T229329 – MacPPC – QO86833 T229330 – MacIntel – QO86834 T229331 – Linux390 – QO86835 T229332 – Linux – QO86836 T229333 – HP-UX – QO86837
CA Anti-Virus 7.1 (Windows):
T229337 – NT (32 bit) – QO86843 T229338 – NT (AMD64) – QO86846
CA Threat Manager for the Enterprise r8.1 (non Windows):
T229334 – Linux – QO86839 T229335 – Mac – QO86828 T229336 – Solaris – QO86829
How to determine if you are affected: For products on Windows: 1. Using Windows Explorer, locate the file “arclib.dll”. By default, the file is located in the “C:\Program Files\CA\SharedComponents\ScanEngine” directory(*). 2. Right click on the file and select Properties. 3. Select the Version tab. 4. If the file version is earlier than indicated in the table below, the installation is vulnerable.
File Name File Version arclib.dll 7.3.0.9
*For eTrust Intrusion Detection 2.0 the file is located in “Program Files\eTrust\Intrusion Detection\Common”, and for eTrust Intrusion Detection 3.0 and 3.0 sp1, the file is located in “Program Files\CA\Intrusion Detection\Common”.
For CA Anti-Virus r8.1 on non-Windows: Use the compver utility provided on the CD to determine the version of arclib.dll. The same version information above applies.
Workaround: None
References (URLs may wrap): CA SupportConnect: http://supportconnect.ca.com/ Security Notice for CA Products Containing Arclib http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot .asp Solution Document Reference APARs: QO89469, QO87114, QO89141, QO89139, QO89140, QO89138, QO89140, QO89138, QO89381, QO89474, QO86925, QO86923, QO86831, QO86832, QO86833, QO86834, QO86835, QO86836, QO86837, QO86843, QO86846, QO86839, QO86828, QO86829 CA Security Advisor posting: CA Products Arclib Library Denial of Service Vulnerabilities http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847 CA Vuln ID (CAID): 35525, 35526 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35525 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35526 Reported By: CVE-2006-5645 - Titon of BastardLabs and Damian Put working with the iDefense VCP. CVE-2007-3875 - An anonymous researcher working with the iDefense VCP. Sergio Alvarez of n.runs AG also reported these issues. iDefense advisories: Computer Associates AntiVirus CHM File Handling DoS Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567 Multiple Vendor Antivirus RAR File Denial of Service Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439 CVE References: CVE-2006-5645, CVE-2007-3875 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5645 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3875 OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release
Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx
Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2007 CA. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003)
wj8DBQFGpp9beSWR3+KUGYURAplHAJ4paEd/cX+2AxdBWfnw2zhfjAGQwACfW+mo tCqbonQi4DvtQ9a45c65y70= =o8Ac -----END PGP SIGNATURE----- . BACKGROUND
eTrust is an antivirus application developed by Computer Associates. More information can be found on the vendor's website at the following URL.
http://www3.ca.com/solutions/product.aspx?ID=156
II. DESCRIPTION
Remote exploitation of a denial of Service (DoS) vulnerability in Computer Associates Inc.'s eTrust Antivirus products could allow attackers to create a DoS condition on the affected computer.
III. ANALYSIS
This denial of service attack will prevent the scanner from scanning other files on disk while it is stuck on the exploit file. The hung process can be quit by the user and does not consume all system resources.
IV. DETECTION
iDefense has confirmed this vulnerability in eTrust AntiVirus version r8. Previous versions of eTrust Antivirus are suspected vulnerable. Other Computer Associates products, as well as derived products, may also be vulnerable.
V. WORKAROUND
iDefense is not aware of any workarounds for this issue.
VI. VENDOR RESPONSE
Computer Associates has addressed this vulnerability by releasing updates. More information is available within Computer Associates advisory at the following URL.
http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-3875 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
01/16/2007 Initial vendor notification 01/17/2007 Initial vendor response 07/24/2007 Coordinated public disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2007 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. scanning a specially crafted RAR archive. Please see the vendor's advisory for details. 2) The vendor credits Titon of BastardLabs and Damian Put, reported via iDefense Labs.
ORIGINAL ADVISORY: CA: http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp
iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200707-0263",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "protection suites",
"scope": "eq",
"trust": 1.6,
"vendor": "ca",
"version": "r3"
},
{
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 1.4,
"vendor": "ca",
"version": "8"
},
{
"model": "unicenter network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.1"
},
{
"model": "unicenter network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11"
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "etrust internet security suite",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2"
},
{
"model": "etrust internet security suite",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "1"
},
{
"model": "antivirus sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "*"
},
{
"model": "anti-virus for the enterprise",
"scope": "lte",
"trust": 1.0,
"vendor": "broadcom",
"version": "8"
},
{
"model": "etrust ez antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "7"
},
{
"model": "secure content manager",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "1.1"
},
{
"model": "etrust intrusion detection",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "3.0"
},
{
"model": "etrust intrusion detection",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2.0"
},
{
"model": "brigthstor arcserve client for windows",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "*"
},
{
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "7.1"
},
{
"model": "brightstor arcserve backup",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11.1"
},
{
"model": "secure content manager",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8.0"
},
{
"model": "threat manager",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8"
},
{
"model": "antispyware for the enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8"
},
{
"model": "common services",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11.1"
},
{
"model": "antispyware for the enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8.1"
},
{
"model": "brightstor enterprise backup",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "10.5"
},
{
"model": "etrust ez armor",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3"
},
{
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8"
},
{
"model": "etrust antivirus gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "7.1"
},
{
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "7.0"
},
{
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8.1"
},
{
"model": "common services",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11"
},
{
"model": "brightstor arcserve backup",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "9.01"
},
{
"model": "etrust antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8"
},
{
"model": "anti-spyware",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2007"
},
{
"model": "unicenter network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11.1"
},
{
"model": "brightstor arcserve backup",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "11"
},
{
"model": "anti virus sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "*"
},
{
"model": "etrust ez antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.1"
},
{
"model": "etrust intrusion detection",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "brightstor arcserve backup",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11.5"
},
{
"model": "etrust ez armor",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2"
},
{
"model": "unicenter network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "brightstor arcserve client",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "*"
},
{
"model": "protection suites",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "r2"
},
{
"model": "etrust ez armor",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "1"
},
{
"model": "anti-spyware",
"scope": "eq",
"trust": 0.8,
"vendor": "ca",
"version": "8"
},
{
"model": "brightstor arcserve backup",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "brightstor arcserve client",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "brightstor enterprise backup",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "brigthstor arcserve client for windows",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "anti-spyware for the enterprise",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "ca",
"version": "8"
},
{
"model": "anti-virus sdk",
"scope": "eq",
"trust": 0.8,
"vendor": "ca",
"version": "8"
},
{
"model": "common services",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "etrust intrusion detection",
"scope": "eq",
"trust": 0.8,
"vendor": "ca",
"version": "8"
},
{
"model": "internet security suite",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "protection suites",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "secure content manager",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "threat manager",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "etrust antivirus gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "ca",
"version": "8"
},
{
"model": "etrust ez antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "ca",
"version": "8"
},
{
"model": "etrust ez armor",
"scope": "eq",
"trust": 0.8,
"vendor": "ca",
"version": "8"
},
{
"model": "etrust internet security suite",
"scope": "eq",
"trust": 0.8,
"vendor": "ca",
"version": "8"
},
{
"model": "unicenter network and systems management",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "threat manager",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "8"
},
{
"model": "anti-spyware",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "2007"
},
{
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "7.0"
},
{
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "7.1"
},
{
"model": "common services",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "11"
},
{
"model": "secure content manager",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "8.0"
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "3.0"
},
{
"model": "anti-virus for the enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "8.1"
},
{
"model": "associates etrust antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.1"
},
{
"model": "associates protection suites r2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "0"
},
{
"model": "associates etrust internet security suite r1",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates anti-virus gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates etrust intrusion detection sp",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.01"
},
{
"model": "associates anti-spyware for the enterprise r8",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates etrust ez armor",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.0"
},
{
"model": "associates etrust antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates protection suites r3",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates anti-spyware",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2007"
},
{
"model": "associates etrust antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.0"
},
{
"model": "associates internet security suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20073.0"
},
{
"model": "associates etrust ez armor",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates etrust intrusion detection",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates common services r11.1",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates anti-spyware for the enterprise r8.1",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates common services r11",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates etrust antivirus r8",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates etrust intrusion detection sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.0.0"
},
{
"model": "associates etrust ez armor",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates etrust ez armor",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates etrust antivirus r8.1",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates anti-virus for the enterprise r8",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates anti-virus sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "0"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates arcserve client agent for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "0"
},
{
"model": "associates anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20078"
},
{
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust internet security suite r2",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
}
],
"sources": [
{
"db": "BID",
"id": "25049"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002374"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-453"
},
{
"db": "NVD",
"id": "CVE-2007-3875"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ca:anti-spyware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:brightstor_arcserve_backup",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:brightstor_arcserve_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:brightstor_enterprise_backup",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:brigthstor_arcserve_client_for_windows",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:anti-spyware_for_the_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:etrust_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:anti-virus_for_the_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:anti-virus_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:common_services",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:etrust_intrusion_detection",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:internet_security_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:protection_suites",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:secure_content_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:threat_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:etrust_anti-virus_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:etrust_ez_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:etrust_ez_armor",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:etrust_internet_security_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:unicenter_network_and_systems_management",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002374"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iDEFENSE",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-453"
}
],
"trust": 0.6
},
"cve": "CVE-2007-3875",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2007-3875",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-27237",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-3875",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2007-3875",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200707-453",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-27237",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27237"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002374"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-453"
},
{
"db": "NVD",
"id": "CVE-2007-3875"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid \"previous listing chunk number\" field in a CHM file. Multiple Computer Associates products are prone to a denial-of-service vulnerability because the applications fail to handle malformed CHM files. \nSuccessfully exploiting this issue will cause the affected applications to stop responding, denying service to legitimate users. \nThis issue affects applications that use the \u0027arclib.dll\u0027 library versions prior to 7.3.0.9. The Arclib.DLL library in eTrust products has a security vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nTitle: [CAID 35525, 35526]: CA Products Arclib Library Denial of \nService Vulnerabilities\n\nCA Vuln ID (CAID): 35525, 35526\n\nCA Advisory Date: 2007-07-24\n\nReported By:\nCVE-2006-5645 - Titon of BastardLabs and Damian Put \n \u003cpucik at overflow dot pl\u003e working with the iDefense VCP. \nCVE-2007-3875 - An anonymous researcher working with the iDefense \n VCP. \nSergio Alvarez of n.runs AG also reported these issues. \n\nImpact: A remote attacker can cause a denial of service. \n\nSummary: CA products that utilize the Arclib library contain two \ndenial of service vulnerabilities. The second vulnerability, \nCVE-2006-5645, is due to an application hang when processing a \nspecially malformed RAR file. \n\nMitigating Factors: None\n\nSeverity: CA has given these vulnerabilities a Medium risk rating. \n\nAffected Products:\nCA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.0, \n 7.1, r8, r8.1\nCA Anti-Virus 2007 (v8)\neTrust EZ Antivirus r7, r6.1\nCA Internet Security Suite 2007 (v3)\neTrust Internet Security Suite r1, r2\neTrust EZ Armor r1, r2, r3.x\nCA Threat Manager for the Enterprise (formerly eTrust Integrated \n Threat Management) r8\nCA Anti-Virus Gateway (formerly eTrust Antivirus eTrust Antivirus \n Gateway) 7.1\nCA Protection Suites r2, r3\nCA Secure Content Manager (formerly eTrust Secure Content Manager) \n 1.1, 8.0\nCA Anti-Spyware for the Enterprise (Formerly eTrust PestPatrol) \n r8, 8.1\nCA Anti-Spyware 2007\nUnicenter Network and Systems Management (NSM) r3.0, r3.1, r11, \n r11.1\nBrightStor ARCserve Backup v9.01, r11 for Windows, r11.1, r11.5\nBrightStor Enterprise Backup r10.5\nBrightStor ARCserve Client agent for Windows\neTrust Intrusion Detection 2.0 SP1, 3.0, 3.0 SP1\nCA Common Services (CCS) r11, r11.1\nCA Anti-Virus SDK (formerly eTrust Anti-Virus SDK)\n\nStatus and Recommendation:\nCA has provided an update to address the vulnerabilities. The \nupdated Arclib library is provided in automatic content updates \nwith most products. Ensure that the latest content update is \ninstalled. In the case where automatic updates are not available, \nuse the following product specific instructions. \n\nCA Secure Content Manager 1.1:\nApply QO89469. \n\nCA Secure Content Manager 8.0:\nApply QO87114. \n\nUnicenter Network and Systems Management (NSM) r3.0:\nApply QO89141. \n\nUnicenter Network and Systems Management (NSM) r3.1:\nApply QO89139. \n\nUnicenter Network and Systems Management (NSM) r11:\nApply QO89140. \n\nUnicenter Network and Systems Management (NSM) r11.1:\nApply QO89138. \n\nCA Common Services (CCS) r11:\nApply QO89140. \n\nCA Common Services (CCS) r11.1:\nApply QO89138. \n\nCA Anti-Virus Gateway 7.1:\nApply QO89381. \n\neTrust Intrusion Detection 2.0 SP1:\nApply QO89474. \n\neTrust Intrusion Detection 3.0:\nApply QO86925. \n\neTrust Intrusion Detection 3.0 SP1:\nApply QO86923. \n\nCA Protection Suites r2:\nApply updates for CA Anti-Virus 7.1. \n\nBrightStor ARCserve Backup and BrightStor ARCserve Client agent \nfor Windows:\n\nManually replace the arclib.dll file with the one provided in the \nCA Anti-Virus 7.1 fix set. \n\n1. Locate and rename the existing arclib.dll file. \n2. Download the CA Anti-Virus 7.1 patch that matches the host \n operating system. \n3. Unpack the patch and place the arclib.dll file in directory \n where the existing arclib.dll file was found in step 1. \n4. Reboot the host. \n\nCA Anti-Virus 7.1 (non Windows):\n\nT229327 \u2013 Solaris \u2013 QO86831\nT229328 \u2013 Netware \u2013 QO86832\nT229329 \u2013 MacPPC \u2013 QO86833\nT229330 \u2013 MacIntel \u2013 QO86834\nT229331 \u2013 Linux390 \u2013 QO86835\nT229332 \u2013 Linux \u2013 QO86836\nT229333 \u2013 HP-UX \u2013 QO86837\n\nCA Anti-Virus 7.1 (Windows):\n\nT229337 \u2013 NT (32 bit) \u2013 QO86843\nT229338 \u2013 NT (AMD64) \u2013 QO86846\n\nCA Threat Manager for the Enterprise r8.1 (non Windows):\n\nT229334 \u2013 Linux \u2013 QO86839 \nT229335 \u2013 Mac \u2013 QO86828\nT229336 \u2013 Solaris \u2013 QO86829\n\nHow to determine if you are affected:\nFor products on Windows:\n1. Using Windows Explorer, locate the file \u201carclib.dll\u201d. By \n default, the file is located in the \n \u201cC:\\Program Files\\CA\\SharedComponents\\ScanEngine\u201d directory(*). \n2. Right click on the file and select Properties. \n3. Select the Version tab. \n4. If the file version is earlier than indicated in the table \n below, the installation is vulnerable. \n\nFile Name File Version\narclib.dll 7.3.0.9\n\n*For eTrust Intrusion Detection 2.0 the file is located in \n\u201cProgram Files\\eTrust\\Intrusion Detection\\Common\u201d, and for eTrust \nIntrusion Detection 3.0 and 3.0 sp1, the file is located in \n\u201cProgram Files\\CA\\Intrusion Detection\\Common\u201d. \n\nFor CA Anti-Virus r8.1 on non-Windows:\nUse the compver utility provided on the CD to determine the \nversion of arclib.dll. The same version information above applies. \n\nWorkaround: None\n\nReferences (URLs may wrap):\nCA SupportConnect:\nhttp://supportconnect.ca.com/\nSecurity Notice for CA Products Containing Arclib\nhttp://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot\n.asp\nSolution Document Reference APARs:\nQO89469, QO87114, QO89141, QO89139, QO89140, QO89138, QO89140, \nQO89138, QO89381, QO89474, QO86925, QO86923, QO86831, QO86832, \nQO86833, QO86834, QO86835, QO86836, QO86837, QO86843, QO86846, \nQO86839, QO86828, QO86829\nCA Security Advisor posting: \nCA Products Arclib Library Denial of Service Vulnerabilities\nhttp://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847\nCA Vuln ID (CAID): 35525, 35526\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35525\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35526\nReported By:\nCVE-2006-5645 - Titon of BastardLabs and Damian Put \n \u003cpucik at overflow dot pl\u003e working with the iDefense VCP. \nCVE-2007-3875 - An anonymous researcher working with the iDefense \n VCP. \nSergio Alvarez of n.runs AG also reported these issues. \niDefense advisories: \nComputer Associates AntiVirus CHM File Handling DoS Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567\nMultiple Vendor Antivirus RAR File Denial of Service Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439\nCVE References:\nCVE-2006-5645, CVE-2007-3875\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5645\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3875\nOSVDB References: Pending\nhttp://osvdb.org/\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\nCustomers who require additional information should contact CA\nTechnical Support at http://supportconnect.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your\nfindings to vuln AT ca DOT com, or utilize our \"Submit a \nVulnerability\" form. \nURL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2007 CA. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 9.5.3 (Build 5003)\n\nwj8DBQFGpp9beSWR3+KUGYURAplHAJ4paEd/cX+2AxdBWfnw2zhfjAGQwACfW+mo\ntCqbonQi4DvtQ9a45c65y70=\n=o8Ac\n-----END PGP SIGNATURE-----\n. BACKGROUND\n\neTrust is an antivirus application developed by Computer Associates. \nMore information can be found on the vendor\u0027s website at the following\nURL. \n\nhttp://www3.ca.com/solutions/product.aspx?ID=156\n\nII. DESCRIPTION\n\nRemote exploitation of a denial of Service (DoS) vulnerability in\nComputer Associates Inc.\u0027s eTrust Antivirus products could allow\nattackers to create a DoS condition on the affected computer. \n\nIII. ANALYSIS\n\nThis denial of service attack will prevent the scanner from scanning\nother files on disk while it is stuck on the exploit file. The hung\nprocess can be quit by the user and does not consume all system\nresources. \n\nIV. DETECTION\n\niDefense has confirmed this vulnerability in eTrust AntiVirus version\nr8. Previous versions of eTrust Antivirus are suspected vulnerable. \nOther Computer Associates products, as well as derived products, may\nalso be vulnerable. \n\nV. WORKAROUND\n\niDefense is not aware of any workarounds for this issue. \n\nVI. VENDOR RESPONSE\n\nComputer Associates has addressed this vulnerability by releasing\nupdates. More information is available within Computer Associates\nadvisory at the following URL. \n\nhttp://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2007-3875 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n01/16/2007 Initial vendor notification\n01/17/2007 Initial vendor response\n07/24/2007 Coordinated public disclosure\n\nIX. CREDIT\n\nThe discoverer of this vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2007 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. scanning a specially\ncrafted RAR archive. Please see the vendor\u0027s advisory for\ndetails. \n2) The vendor credits Titon of BastardLabs and Damian Put, reported\nvia iDefense Labs. \n\nORIGINAL ADVISORY:\nCA:\nhttp://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp\n\niDefense Labs:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3875"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002374"
},
{
"db": "BID",
"id": "25049"
},
{
"db": "VULHUB",
"id": "VHN-27237"
},
{
"db": "PACKETSTORM",
"id": "58024"
},
{
"db": "PACKETSTORM",
"id": "58018"
},
{
"db": "PACKETSTORM",
"id": "58032"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-27237",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27237"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-3875",
"trust": 3.0
},
{
"db": "BID",
"id": "25049",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "26155",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2007-2639",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1018450",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002374",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200707-453",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "58018",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "58024",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-27237",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58032",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27237"
},
{
"db": "BID",
"id": "25049"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002374"
},
{
"db": "PACKETSTORM",
"id": "58024"
},
{
"db": "PACKETSTORM",
"id": "58018"
},
{
"db": "PACKETSTORM",
"id": "58032"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-453"
},
{
"db": "NVD",
"id": "CVE-2007-3875"
}
]
},
"id": "VAR-200707-0263",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-27237"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:57:26.565000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ca.com/"
},
{
"title": "CA eTrust Repair measures for multiple product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146845"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002374"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-453"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3875"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp"
},
{
"trust": 2.2,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567"
},
{
"trust": 1.8,
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25049"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/474601/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/474605/100/100/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/474683/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1018450"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26155"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/2639"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35573"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3875"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3875"
},
{
"trust": 0.3,
"url": "/archive/1/474601"
},
{
"trust": 0.3,
"url": "/archive/1/474568"
},
{
"trust": 0.3,
"url": "/archive/1/474605"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3875"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5645"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com."
},
{
"trust": 0.1,
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35526"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439"
},
{
"trust": 0.1,
"url": "http://osvdb.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5645"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35525"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/),"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/"
},
{
"trust": 0.1,
"url": "http://www3.ca.com/solutions/product.aspx?id=156"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14862/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4088/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo86829"
},
{
"trust": 0.1,
"url": "http://secunia.com/network_software_inspector/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo86846"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/314/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo86837"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14867/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo86831"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo86835"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14433/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3099/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3391/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4092/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14804/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8147/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo89139"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14868/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14434/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo86828"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo89474\u0026startsearch=1"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo86843"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14864/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14869/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14437/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo86832"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo89469"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo86839"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14436/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8144/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26155/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14866/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14865/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo89381\u0026startsearch=1"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1683/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo86833"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo89138\u0026startsearch=1"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2198/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8250/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14863/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3390/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/8119/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo89140"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo86925\u0026startsearch=1"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/313/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo86836"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14435/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo87114"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo86923\u0026startsearch=1"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo86834"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/312/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo89141"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/10672/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7112/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/10673/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-27237"
},
{
"db": "BID",
"id": "25049"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002374"
},
{
"db": "PACKETSTORM",
"id": "58024"
},
{
"db": "PACKETSTORM",
"id": "58018"
},
{
"db": "PACKETSTORM",
"id": "58032"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-453"
},
{
"db": "NVD",
"id": "CVE-2007-3875"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-27237"
},
{
"db": "BID",
"id": "25049"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002374"
},
{
"db": "PACKETSTORM",
"id": "58024"
},
{
"db": "PACKETSTORM",
"id": "58018"
},
{
"db": "PACKETSTORM",
"id": "58032"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-453"
},
{
"db": "NVD",
"id": "CVE-2007-3875"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-26T00:00:00",
"db": "VULHUB",
"id": "VHN-27237"
},
{
"date": "2007-07-24T00:00:00",
"db": "BID",
"id": "25049"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002374"
},
{
"date": "2007-07-25T04:50:57",
"db": "PACKETSTORM",
"id": "58024"
},
{
"date": "2007-07-25T04:42:29",
"db": "PACKETSTORM",
"id": "58018"
},
{
"date": "2007-07-26T04:26:32",
"db": "PACKETSTORM",
"id": "58032"
},
{
"date": "2007-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-453"
},
{
"date": "2007-07-26T00:30:00",
"db": "NVD",
"id": "CVE-2007-3875"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-27237"
},
{
"date": "2007-07-27T18:05:00",
"db": "BID",
"id": "25049"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002374"
},
{
"date": "2021-04-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-453"
},
{
"date": "2024-11-21T00:34:17.190000",
"db": "NVD",
"id": "CVE-2007-3875"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "58018"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-453"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CA Anti-Virus Such as arclib.dll Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002374"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-453"
}
],
"trust": 0.6
}
}
CVE-2009-3588 (GCVE-0-2009-3588)
Vulnerability from cvelistv5
Published
2009-10-13 10:00
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53698 | vdb-entry, x_refsource_XF | |
| http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/36976 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1022999 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2009/2852 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/507068/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/36653 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ca-rar-dos(53698)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53698"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"name": "36976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36976"
},
{
"name": "1022999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"name": "ADV-2009-2852",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"name": "20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"name": "36653",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ca-rar-dos(53698)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53698"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"name": "36976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36976"
},
{
"name": "1022999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"name": "ADV-2009-2852",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"name": "20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"name": "36653",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36653"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ca-rar-dos(53698)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53698"
},
{
"name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878",
"refsource": "CONFIRM",
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"name": "36976",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36976"
},
{
"name": "1022999",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022999"
},
{
"name": "ADV-2009-2852",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"name": "20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"name": "36653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36653"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3588",
"datePublished": "2009-10-13T10:00:00",
"dateReserved": "2009-10-08T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3587 (GCVE-0-2009-3587)
Vulnerability from cvelistv5
Published
2009-10-13 10:00
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 | x_refsource_CONFIRM | |
| http://osvdb.org/58691 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/36976 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1022999 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2009/2852 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53697 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/507068/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/36653 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"name": "58691",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/58691"
},
{
"name": "36976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36976"
},
{
"name": "1022999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"name": "ADV-2009-2852",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"name": "ca-rar-code-execution(53697)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53697"
},
{
"name": "20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"name": "36653",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"name": "58691",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/58691"
},
{
"name": "36976",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36976"
},
{
"name": "1022999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"name": "ADV-2009-2852",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"name": "ca-rar-code-execution(53697)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53697"
},
{
"name": "20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"name": "36653",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36653"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878",
"refsource": "CONFIRM",
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"name": "58691",
"refsource": "OSVDB",
"url": "http://osvdb.org/58691"
},
{
"name": "36976",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36976"
},
{
"name": "1022999",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022999"
},
{
"name": "ADV-2009-2852",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"name": "ca-rar-code-execution(53697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53697"
},
{
"name": "20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"name": "36653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36653"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3587",
"datePublished": "2009-10-13T10:00:00",
"dateReserved": "2009-10-08T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-10-13 10:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:anti-virus:2007:8:*:*:*:*:*:*",
"matchCriteriaId": "C469EBBE-EE96-4CED-BD8C-36461750C6A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5E892B-0EE8-4B76-97B8-0BAF17E83F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "607CCBDA-7288-4496-A7ED-EF6DED40CA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:r8:*:*:*:*:*:*:*",
"matchCriteriaId": "11BCD267-E8CE-4A97-B769-5F4CAF9830D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "865B7BD2-3AD1-41CA-842B-47BC4F1426DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2FA702-184A-44FF-8DEA-7811804EE175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D301B65D-A20B-4991-A0D8-DFE3363F162B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A08C715-A351-466D-99EC-006C106A3366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:8:*:*:*:*:*:*:*",
"matchCriteriaId": "05185A74-8484-419D-A3CE-8603928AF0DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52C533CA-ACB7-4C0F-98E2-B5E51E24A554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_integrated_threat_management:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD8D5F0-9606-4BBA-B7F9-ACD089B84DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DDF2EE3-753B-4C7E-84EF-144FA5986A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_secure_content_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69184A5E-4FA9-4896-B6E8-1B9D4D62D099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:internet_security_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F30C4FF9-DB76-4B3F-9582-752097B3D521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "285013A5-E058-4B2B-B8B6-1BFF72388589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF55705-42ED-4503-8534-FDEA365E84E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB548763-E1A7-4DB1-BE86-ED5AA1CA81BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r11:*:*:*:*:*:*:*",
"matchCriteriaId": "6B28429A-F343-4BE8-A94D-5A5AC3F6258C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF64064-1C35-4888-BBC2-52F68EF9517F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:secure_content_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DADD1E6-3454-4C1E-AD46-82D79CB8F528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E02DA21-B25B-4626-BFDC-61AA8AF3537E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9C8A1C-0A55-4CA5-9BB6-2D03EFCFE699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EFA39E3-A614-4A64-B29C-86D6F12F1557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*",
"matchCriteriaId": "5B4434A4-EE82-46A1-9293-345991515369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43CD3B48-C978-4FDB-B157-85F3E971446B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus:2009:*:*:*:*:*:*:*",
"matchCriteriaId": "6050CADE-7BAF-45B7-A031-F70558C7CE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_for_the_enterprise:r8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0186ADA-0E20-4E14-B9D5-19CDFC1BD98F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_gateway:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD75FF0F-A36C-40AF-A99E-1596A6A6FE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_plus:2009:*:*:*:*:*:*:*",
"matchCriteriaId": "BED8CEF9-6AEC-4771-98F7-051E4B3E0848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_for_windows_client_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5603FDAD-A347-4A44-BC45-1ADC44601D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_for_windows_server_component:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5086D7CF-EBAB-4E30-98E0-0D276CC1C707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:common_services:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FAD043E-3ABE-46D7-AD17-A68858692A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_anti-virus_gateway:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C13B0E1-DCEE-46E5-81A3-C08C07C58B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_anti-virus_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "257CC950-F1BB-4D0A-9B05-98A58DB67532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_ez_antivirus:r7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A641A2-4147-4C41-B102-18417ECA9339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "29FEABEE-DC17-4620-B088-B24249865931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D10B864B-AA39-4702-A42B-F33BAF2D8059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB54A16-5E56-46FC-A49C-56C98C0B8F1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:gateway_security:r8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B44F941C-83DC-4EDA-B258-C35F5EDA819E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_2008:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0281F80B-CF9C-482D-B7A9-3B2651BD0567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_plus_2008:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33F7E184-EA23-487C-83ED-65CF8DD2DB18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_plus_2009:*:*:*:*:*:*:*:*",
"matchCriteriaId": "951062B1-C72B-4EAF-BA54-6986434036FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "47C10BA4-B241-4F65-8FA1-AD88266C03B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*",
"matchCriteriaId": "253A8082-9AE4-4049-A1D0-B7ACB5C2E8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC845898-3D77-4793-971E-5E1555ED9CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager:8.1:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "0115D81C-2CA2-424C-BE4B-0896C9ADA68E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager:r8:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "A38801CD-167E-408E-89BD-52BB1B89041B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager_total_defense:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AEE8BC-8D0E-464F-88B7-5C2C2D372AFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:arcserve_backup:r12.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0486108C-E36C-4746-919E-C760E10EBAE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:arcserve_backup:r12.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CD2F60F0-E8B8-46E6-932E-DF9F4457B47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D8275AC1-81C5-4D9F-A61B-1A908BDDE0F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8713893-59CE-486A-9262-E755A8F2D58C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D8275AC1-81C5-4D9F-A61B-1A908BDDE0F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587."
},
{
"lang": "es",
"value": "Vulnerabilidad inespec\u00edfica en el componente arclib en el motor antivirus en CA Anti-Virus para empresas (anteriormente eTrust Antivirus) desde v7.1 hasta r8.1; Anti-Virus desde 2007 (v8) hasta 2009; eTrust EZ Antivirus r7.1; Internet Security Suite desde 2007 (v3) hasta Plus 2009; y otros productos de CA permite a atacantes remotos producir una denegaci\u00f3n de servicio a trav\u00e9s de un archivo RAR manipulado que inicia la corrupci\u00f3n de la pila, una vulnerabilidad diferente que CVE-2009-3587."
}
],
"id": "CVE-2009-3588",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-10-13T10:30:00.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36976"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36653"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53698"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-13 10:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:anti-virus:2007:8:*:*:*:*:*:*",
"matchCriteriaId": "C469EBBE-EE96-4CED-BD8C-36461750C6A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "9C5E892B-0EE8-4B76-97B8-0BAF17E83F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "607CCBDA-7288-4496-A7ED-EF6DED40CA21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:r8:*:*:*:*:*:*:*",
"matchCriteriaId": "11BCD267-E8CE-4A97-B769-5F4CAF9830D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:anti-virus_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "865B7BD2-3AD1-41CA-842B-47BC4F1426DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2FA702-184A-44FF-8DEA-7811804EE175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:common_services:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D301B65D-A20B-4991-A0D8-DFE3363F162B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A08C715-A351-466D-99EC-006C106A3366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:8:*:*:*:*:*:*:*",
"matchCriteriaId": "05185A74-8484-419D-A3CE-8603928AF0DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52C533CA-ACB7-4C0F-98E2-B5E51E24A554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_integrated_threat_management:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD8D5F0-9606-4BBA-B7F9-ACD089B84DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DDF2EE3-753B-4C7E-84EF-144FA5986A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:etrust_secure_content_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69184A5E-4FA9-4896-B6E8-1B9D4D62D099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:internet_security_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F30C4FF9-DB76-4B3F-9582-752097B3D521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "285013A5-E058-4B2B-B8B6-1BFF72388589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF55705-42ED-4503-8534-FDEA365E84E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB548763-E1A7-4DB1-BE86-ED5AA1CA81BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r11:*:*:*:*:*:*:*",
"matchCriteriaId": "6B28429A-F343-4BE8-A94D-5A5AC3F6258C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:network_and_systems_management:r11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF64064-1C35-4888-BBC2-52F68EF9517F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:secure_content_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DADD1E6-3454-4C1E-AD46-82D79CB8F528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E02DA21-B25B-4626-BFDC-61AA8AF3537E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9C8A1C-0A55-4CA5-9BB6-2D03EFCFE699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2EFA39E3-A614-4A64-B29C-86D6F12F1557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*",
"matchCriteriaId": "5B4434A4-EE82-46A1-9293-345991515369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43CD3B48-C978-4FDB-B157-85F3E971446B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus:2009:*:*:*:*:*:*:*",
"matchCriteriaId": "6050CADE-7BAF-45B7-A031-F70558C7CE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_for_the_enterprise:r8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0186ADA-0E20-4E14-B9D5-19CDFC1BD98F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_gateway:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD75FF0F-A36C-40AF-A99E-1596A6A6FE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:anti-virus_plus:2009:*:*:*:*:*:*:*",
"matchCriteriaId": "BED8CEF9-6AEC-4771-98F7-051E4B3E0848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D8275AC1-81C5-4D9F-A61B-1A908BDDE0F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_for_windows_client_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5603FDAD-A347-4A44-BC45-1ADC44601D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_for_windows_server_component:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5086D7CF-EBAB-4E30-98E0-0D276CC1C707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:common_services:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FAD043E-3ABE-46D7-AD17-A68858692A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_anti-virus_gateway:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C13B0E1-DCEE-46E5-81A3-C08C07C58B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_anti-virus_sdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "257CC950-F1BB-4D0A-9B05-98A58DB67532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_ez_antivirus:r7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A641A2-4147-4C41-B102-18417ECA9339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "29FEABEE-DC17-4620-B088-B24249865931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D10B864B-AA39-4702-A42B-F33BAF2D8059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB54A16-5E56-46FC-A49C-56C98C0B8F1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:gateway_security:r8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B44F941C-83DC-4EDA-B258-C35F5EDA819E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_2008:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0281F80B-CF9C-482D-B7A9-3B2651BD0567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_plus_2008:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33F7E184-EA23-487C-83ED-65CF8DD2DB18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:internet_security_suite_plus_2009:*:*:*:*:*:*:*:*",
"matchCriteriaId": "951062B1-C72B-4EAF-BA54-6986434036FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "47C10BA4-B241-4F65-8FA1-AD88266C03B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*",
"matchCriteriaId": "253A8082-9AE4-4049-A1D0-B7ACB5C2E8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:protection_suites:r3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC845898-3D77-4793-971E-5E1555ED9CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager:8.1:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "0115D81C-2CA2-424C-BE4B-0896C9ADA68E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager:r8:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "A38801CD-167E-408E-89BD-52BB1B89041B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:threat_manager_total_defense:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6AEE8BC-8D0E-464F-88B7-5C2C2D372AFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8713893-59CE-486A-9262-E755A8F2D58C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D8275AC1-81C5-4D9F-A61B-1A908BDDE0F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente arclib en el motor Anti-Virus en CA Anti-Virus para Enterprise (formalmente eTrust Antivirus) v7.1 hasta v8.1; Anti-Virus 2007 (v8) hasta 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) hasta Plus 2009; y otros productos CA permite a atacantes remotos causar una denegaci\u00f3n de servicio y ejecutar probablemente c\u00f3digo de su elecci\u00f3n a trav\u00e9s del archivo RAR manipulado que provoca una corrupci\u00f3n de la memoria din\u00e1mica, una vulnerabilidad diferente que CVE-2009-3588."
}
],
"id": "CVE-2009-3587",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-10-13T10:30:00.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/58691"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/36976"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36653"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/58691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/36976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507068/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1022999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53697"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}