CERTA-2009-AVI-431
Vulnerability from certfr_avis

Deux vulnérabilités dans CA Anti-Virus permettent d'exécuter du code arbitraire ou de réaliser un déni de service à distance.

Description

Deux vulnérabilités ont été découvertes dans le traitement des fichiers au format RAR par le composant arclib de CA Anti-Virus. L'exploitation de ces vulnérabilités permet de réaliser un déni de service ou d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
N/A N/A CA Threat Manager for the Enterprise (autrefois appelé eTrust Integrated Threat Management) r8 et 8.1 ;
Microsoft Windows CA ARCserve for Windows Server component ;
N/A N/A eTrust EZ Antivirus r7.1 ;
ESET Internet Security CA Internet Security Suite Plus 2008 ;
N/A N/A CA Anti-Virus SDK (autrefois appelé eTrust Anti-Virus SDK) ;
N/A N/A CA Common Services r3.1, r11 et r11.1 ;
N/A N/A CA Secure Content Manager (autrefois appelé eTrust Secure Content Manager) 1.1 et 8.0 ;
N/A N/A CA Anti-Virus 2007 (v8) ;
N/A N/A CA ARCserve Backup pour Linux r11.1 et r11.5 ;
ESET Security CA Gateway Security r8.1 ;
ESET Internet Security CA Internet Security Suite 2008 ;
N/A N/A CA Threat Manager Total Defense ;
Microsoft Windows CA ARCserve Backup pour Windows r11.5, r12, r12.0 SP1, r12.0 SP2 et r12.5 ;
N/A N/A CA Anti-Virus Gateway (autrefois appelé eTrust Antivirus Gateway) 7.1.
N/A N/A CA Anti-Virus 2009 ;
Microsoft Windows CA ARCserve for Windows Client Agent ;
N/A N/A CA eTrust Intrusion Detection 2.0 SP1, 3.0 et 3.0 SP1 ;
ESET Internet Security CA Internet Security Suite 2007 (v3) ;
ESET Internet Security CA Internet Security Suite Plus 2009 ;
N/A N/A CA Anti-Virus 2008 ;
N/A N/A CA Network and Systems Management (autrefois appelé Unicenter Network and Systems Management) r3.0, r3.1, r11, r11.1 ;
N/A N/A CA Anti-Virus Plus 2009 ;
N/A N/A CA Anti-Virus for the Enterprise (autrefois appelé eTrust Antivirus) 7.1, r8 et r8.1 ;
N/A N/A CA Protection Suites r2, r3 et r3.1 ;
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CA Threat Manager for the Enterprise (autrefois appel\u00e9 eTrust Integrated Threat Management) r8 et 8.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA ARCserve for Windows Server component ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "eTrust EZ Antivirus r7.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Internet Security Suite Plus 2008 ;",
      "product": {
        "name": "Internet Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "CA Anti-Virus SDK (autrefois appel\u00e9 eTrust Anti-Virus SDK) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Common Services r3.1, r11 et r11.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Secure Content Manager (autrefois appel\u00e9 eTrust Secure Content Manager) 1.1 et 8.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Anti-Virus 2007 (v8) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA ARCserve Backup pour Linux r11.1 et r11.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Gateway Security r8.1 ;",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "CA Internet Security Suite 2008 ;",
      "product": {
        "name": "Internet Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "CA Threat Manager Total Defense ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA ARCserve Backup pour Windows r11.5, r12, r12.0 SP1, r12.0 SP2 et r12.5 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "CA Anti-Virus Gateway (autrefois appel\u00e9 eTrust Antivirus Gateway) 7.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Anti-Virus 2009 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA ARCserve for Windows Client Agent ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "CA eTrust Intrusion Detection 2.0 SP1, 3.0 et 3.0 SP1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Internet Security Suite 2007 (v3) ;",
      "product": {
        "name": "Internet Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "CA Internet Security Suite Plus 2009 ;",
      "product": {
        "name": "Internet Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "CA Anti-Virus 2008 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Network and Systems Management (autrefois appel\u00e9 Unicenter Network and Systems Management) r3.0, r3.1, r11, r11.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Anti-Virus Plus 2009 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Anti-Virus for the Enterprise (autrefois appel\u00e9 eTrust Antivirus) 7.1, r8 et r8.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Protection Suites r2, r3 et r3.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le traitement des fichiers\nau format RAR par le composant arclib de CA Anti-Virus. L\u0027exploitation\nde ces vuln\u00e9rabilit\u00e9s permet de r\u00e9aliser un d\u00e9ni de service ou\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3588"
    },
    {
      "name": "CVE-2009-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3587"
    }
  ],
  "initial_release_date": "2009-10-12T00:00:00",
  "last_revision_date": "2009-10-12T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-431",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eCA Anti-Virus\u003c/span\u003e\npermettent d\u0027ex\u00e9cuter du code arbitraire ou de r\u00e9aliser un d\u00e9ni de\nservice \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans CA Anti-Virus",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 CA20091008-01 du 08 octobre 2009",
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.