CAID 33756 - DM Deployment Common Component Vulnerabilities
Title: CAID 33756 - DM Deployment Common Component
Vulnerabilities
CA Vulnerability ID: 33756
Discovery Date: 2005-12-20
CA Advisory Date: 2006-01-17
Discovered By: Cengiz Aykanat (CA internal audit), and
Karma[at]DesignFolks[dot]com[dot]au.
Impact: Remote attacker can cause a denial of service condition.
Summary: The following security vulnerability issues have been
identified in the DM Primer part of the DM Deployment Common
Component being distributed with some CA products:
1) A Denial of Service (DoS) vulnerability has been identified in
the handling of unrecognized network messages, which may result
in high CPU utilization and excessive growth of the DM Primer
log file.
2) A Denial of Service (DoS) vulnerability has been identified
with the way in which DM Primer handles receipt of large rogue
network messages, which can result in DM Primer becoming
unresponsive.
Severity: Computer Associates has given this vulnerability a
Medium risk rating.
Mitigating Factors: These vulnerabilities will only be present if
you have utilized the DM Deployment mechanism (bundled with the
affected products) to deploy those products within your
enterprise environment.
Affected Technologies: Please note that the DM Primer component
is not a product, but rather a common component that is included
with multiple products. Vulnerable versions of the DM Primer
component are included in the CA products listed in the Affected
Products section below. DM Primer component versions v1.4.154
and v1.4.155 are vulnerable to these issues. These
vulnerabilities are not present in DM Primer v11.0 or later.
Affected Products:
- BrightStor Mobile Backup r4.0
- BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1,
r11.1 SP1
- Unicenter Remote Control 6.0, 6.0 SP1
- CA Desktop Protection Suite r2
- CA Server Protection Suite r2
- CA Business Protection Suite r2
- CA Business Protection Suite for Microsoft Small Business
Server Standard Edition r2
- CA Business Protection Suite for Microsoft Small Business
Server Premium Edition r2
- CA Business Protection Suite for Midsize Business for Windows
r2
Affected platforms:
Windows
Platforms NOT affected:
This version of DM Primer is not supported on any other
platforms.
Status and Recommendation:
Since this version of DM Primer is only utilized for the initial
installation of the products, the above vulnerabilities can be
addressed by simply removing the DM Primer Service after
deployment. To remove the DM Primer component follow the
instructions below:
dmprimer remove -f:
will force the removal of a local DM Primer service,
dmsweep -a1:remotecomp -dp:force
will force the removal of the DM Primer service from a remote
computer called remotecomp.
The dmsweep command will be available on the DM Deployment
machine (usually the host for the product manager with which it
was bundled). It can take a machine name, an ip address, or a
range of ip addresses. Some examples are:
dmsweep -a1:192.168.0.* -dp:force
will forcibly remove DM Primer from all machines on the
192.168.0.* subnet
dmsweep -a1:192.168.0.1 -a2:192.168.0.100 -dp:force
will forcibly remove DM Primer from all machines in the range
192.168.0.1-192.168.0.100
dmsweep -a1:192.168.0.1 -a2:192.168.0.100 -dp:force
will forcibly remove DM Primer from all machines in the range
192.168.0.1-192.168.0.100
Please refer to the FAQ for answers to commonly asked
questions.
http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity-faq
s.asp
References:
(note that URLs may wrap)
DM Deployment Common Component Security Notice
http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity_not
ice.asp
Frequently Asked Questions (FAQ) related to this security update
http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity-faq
s.asp
CA Security Advisor site advisory
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33756
CVE Reference: Pending
http://cve.mitre.org
OSVDB Reference: Pending
http://osvdb.org
Error Handling in DM Primer
http://www.designfolks.com.au/karma/DMPrimer/
Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory,
please send email to vuln@xxxxxx, or contact me directly.
If you discover a vulnerability in CA products, please report
your findings to vuln@xxxxxx, or utilize our "Submit a
Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx
Regards,
Ken Williams ; 0xE2941985
Dir. Vuln Research
CA Vulnerability Research Team
CA, One Computer Associates Plaza. Islandia, NY 11749
Contact http://www3.ca.com/contact/
Legal Notice http://ca.com/calegal.htm
Privacy Policy http://www.ca.com/caprivacy.htm
Copyright 2006 CA. All rights reserved.