CERTA-2006-AVI-042

Vulnerability from certfr_avis - Published: 2006-01-23 - Updated: 2006-01-23

Des failles dans le service DMPrimer peut être exploitée pour bloquer ce service voire consommer toutes les ressources du processeur de l'hôte et saturer le disque avec un fichier journal démesuré.

Contournement provisoire

Désinstaller le service qui n'a d'utilité que lors de la phase initiale de l'installation.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Microsoft Windows avec les produits Computer Associates suivants :

  • BrightStor Mobile Backup r4.0 ;
  • BrightStor ARCServe Backup for Laptops and Desktops r11.x ;
  • CA Business Protection Suite for Microsoft Small Business Standard/Premium Edition r2 ;
  • CA Business Protection Suite for Midsize Business for Windows r2;
  • CA Business/Desktop/Server Protection Suite r2 ;
  • CA Unicenter Remote Centrol 6.x.
Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eMicrosoft Windows avec les produits \u003cTT\u003eComputer  Associates\u003c/TT\u003e suivants :\u003c/P\u003e  \u003cUL\u003e    \u003cLI\u003eBrightStor Mobile Backup r4.0 ;\u003c/LI\u003e    \u003cLI\u003eBrightStor ARCServe Backup for Laptops and Desktops r11.x    ;\u003c/LI\u003e    \u003cLI\u003eCA Business Protection Suite for Microsoft Small Business    Standard/Premium Edition r2 ;\u003c/LI\u003e    \u003cLI\u003eCA Business Protection Suite for Midsize Business for    Windows r2;\u003c/LI\u003e    \u003cLI\u003eCA Business/Desktop/Server Protection Suite r2 ;\u003c/LI\u003e    \u003cLI\u003eCA Unicenter Remote Centrol 6.x.\u003c/LI\u003e  \u003c/UL\u003e",
  "content": "## Contournement provisoire\n\nD\u00e9sinstaller le service qui n\u0027a d\u0027utilit\u00e9 que lors de la phase initiale\nde l\u0027installation.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2006-01-23T00:00:00",
  "last_revision_date": "2006-01-23T00:00:00",
  "links": [],
  "reference": "CERTA-2006-AVI-042",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-01-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Des failles dans le service DMPrimer peut \u00eatre exploit\u00e9e pour bloquer ce\nservice voire consommer toutes les ressources du processeur de l\u0027h\u00f4te et\nsaturer le disque avec un fichier journal d\u00e9mesur\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 d\u0027un composant DM Deployment de Computer Associates",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Computer Associates",
      "url": "http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity_notice.asp"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.