CERTA-2007-AVI-329
Vulnerability from certfr_avis
Deux vulnérabilités affectant la bibliothèque arclib.dll permettent de réaliser un déni de service à distance.
Description
Deux vulnérabilités affectant la bibliothèque arclib.dll (versions antérieures à 7.3.0.9), présente dans de nombreux produits de l'éditeur Computer Associates, ont été découvertes. Ces vulnérabilités permettent, par le biais d'un fichier au format CHM (CVE-2007-3875) ou au format RAR (CVE-2006-5645) spécifiquement constitué, de réaliser un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | BrightStor ARCserve Backup v9.01 ; | ||
| ESET | N/A | eTrust EZ Armor r1, r2, r3.x ; | ||
| ESET | N/A | CA Anti-Virus Gateway (anciennement eTrust Antivirus Gateway) 7.1 ; | ||
| ESET | N/A | CA Protection Suites r2, r3 ; | ||
| ESET | N/A | CA Common Services (CCS) r11, r11.1 ; | ||
| Microsoft | Windows | BrightStor ARCserve Backup r11 pour Windows, r11.1, r11.5 ; | ||
| ESET | N/A | CA Anti-Virus 2007 (v8) ; | ||
| ESET | N/A | BrightStor Enterprise Backup r10.5 ; | ||
| ESET | N/A | eTrust EZ Antivirus r7, r6.1 ; | ||
| ESET | Internet Security | CA Internet Security Suite 2007 (v3) ; | ||
| ESET | N/A | CA Anti-Virus for the Enterprise (anciennement eTrust Antivirus) 7.0, 7.1, r8, r8.1 ; | ||
| ESET | N/A | CA Secure Content Manager (anciennement eTrust Secure Content Manager) 1.1, 8.0 ; | ||
| ESET | Internet Security | eTrust Internet Security Suite r1, r2 ; | ||
| N/A | N/A | Unicenter Network and Systems Management (NSM) r3, 3.1, r11, r11.1 ; | ||
| N/A | N/A | CA Anti-Spyware for the Enterprise (anciennement eTrust PestPatrol) r8, 8.1 ; | ||
| Microsoft | Windows | BrightStor ARCserve Client agent for Windows ; | ||
| ESET | N/A | eTrust Intrusion Detection 2.0 SP1, 3.0, 3.0 SP1 ; | ||
| ESET | N/A | CA Anti-Virus SDK (anciennement eTrust Anti-Virus SDK). | ||
| N/A | N/A | CA Anti-Spyware 2007 ; | ||
| N/A | N/A | CA Threat Manager for the Enterprise (anciennement eTrust Integrated Threat Management) r8 ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BrightStor ARCserve Backup v9.01 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "eTrust EZ Armor r1, r2, r3.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "CA Anti-Virus Gateway (anciennement eTrust Antivirus Gateway) 7.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "CA Protection Suites r2, r3 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "CA Common Services (CCS) r11, r11.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "BrightStor ARCserve Backup r11 pour Windows, r11.1, r11.5 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CA Anti-Virus 2007 (v8) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "BrightStor Enterprise Backup r10.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "eTrust EZ Antivirus r7, r6.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "CA Internet Security Suite 2007 (v3) ;",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "CA Anti-Virus for the Enterprise (anciennement eTrust Antivirus) 7.0, 7.1, r8, r8.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "CA Secure Content Manager (anciennement eTrust Secure Content Manager) 1.1, 8.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "eTrust Internet Security Suite r1, r2 ;",
"product": {
"name": "Internet Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Unicenter Network and Systems Management (NSM) r3, 3.1, r11, r11.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Anti-Spyware for the Enterprise (anciennement eTrust PestPatrol) r8, 8.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BrightStor ARCserve Client agent for Windows ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "eTrust Intrusion Detection 2.0 SP1, 3.0, 3.0 SP1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "CA Anti-Virus SDK (anciennement eTrust Anti-Virus SDK).",
"product": {
"name": "N/A",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "CA Anti-Spyware 2007 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Threat Manager for the Enterprise (anciennement eTrust Integrated Threat Management) r8 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s affectant la biblioth\u00e8que arclib.dll (versions\nant\u00e9rieures \u00e0 7.3.0.9), pr\u00e9sente dans de nombreux produits de l\u0027\u00e9diteur\nComputer Associates, ont \u00e9t\u00e9 d\u00e9couvertes. Ces vuln\u00e9rabilit\u00e9s permettent,\npar le biais d\u0027un fichier au format CHM (CVE-2007-3875) ou au format RAR\n(CVE-2006-5645) sp\u00e9cifiquement constitu\u00e9, de r\u00e9aliser un d\u00e9ni de service\n\u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2007-3875",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3875"
},
{
"name": "CVE-2006-5645",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5645"
}
],
"initial_release_date": "2007-07-25T00:00:00",
"last_revision_date": "2007-07-25T00:00:00",
"links": [],
"reference": "CERTA-2007-AVI-329",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-07-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s affectant la biblioth\u00e8que arclib.dll permettent de\nr\u00e9aliser un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans plusieurs produits Computer Associates",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Computer Associates du 24 juillet 2007",
"url": "http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…