Vulnerability Details : CVE-2009-3587

Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.
Publish Date : 2009-10-13 Last Update Date : 2009-11-09

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Related Tweets Even more tweets Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

Cvss Score	9.3
Confidentiality Impact	Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact	Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact	Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Denial Of ServiceExecute Code
CWE ID	CWE id is not defined for this vulnerability

- Products Affected By CVE-2009-3587

#	Product Type	Vendor	Product	Version	Update	Edition
1	Application	CA	Anti-virus	2007	8		Details Vulnerabilities
2	Application	CA	Anti-virus	2008			Details Vulnerabilities
3	Application	CA	Anti-virus	2009			Details Vulnerabilities
4	Application	CA	Anti-virus For The Enterprise	R8.1			Details Vulnerabilities
5	Application	CA	Anti-virus For The Enterprise	7.1			Details Vulnerabilities
6	Application	CA	Anti-virus For The Enterprise	R8			Details Vulnerabilities
7	Application	CA	Anti-virus Gateway	7.1			Details Vulnerabilities
8	Application	CA	Anti-virus Plus	2009			Details Vulnerabilities
9	Application	CA	Anti-virus Sdk				Details Vulnerabilities
10	Application	CA	Arcserve Backup	R12.0			Details Vulnerabilities
11	Application	CA	Arcserve Backup	R12.0	SP1		Details Vulnerabilities
12	Application	CA	Arcserve Backup	R12.0	SP2		Details Vulnerabilities
13	Application	CA	Arcserve Backup	R11.1			Details Vulnerabilities
14	Application	CA	Arcserve Backup	R11.5			Details Vulnerabilities
15	Application	CA	Arcserve Backup	R12.5			Details Vulnerabilities
16	Application	CA	Arcserve For Windows Client Agent				Details Vulnerabilities
17	Application	CA	Arcserve For Windows Server Component				Details Vulnerabilities
18	Application	CA	Common Services	3.1			Details Vulnerabilities
19	Application	CA	Common Services	11			Details Vulnerabilities
20	Application	CA	Common Services	11.1			Details Vulnerabilities
21	Application	CA	Etrust Anti-virus Gateway	7.1			Details Vulnerabilities
22	Application	CA	Etrust Anti-virus Sdk				Details Vulnerabilities
23	Application	CA	Etrust Antivirus	7.1			Details Vulnerabilities
24	Application	CA	Etrust Antivirus	8			Details Vulnerabilities
25	Application	CA	Etrust Antivirus	8.1			Details Vulnerabilities
26	Application	CA	Etrust Ez Antivirus	R7.1			Details Vulnerabilities
27	Application	CA	Etrust Integrated Threat Management	8.1			Details Vulnerabilities
28	Application	CA	Etrust Intrusion Detection	2.0	SP1		Details Vulnerabilities
29	Application	CA	Etrust Intrusion Detection	3.0			Details Vulnerabilities
30	Application	CA	Etrust Intrusion Detection	3.0	SP1		Details Vulnerabilities
31	Application	CA	Etrust Secure Content Manager	1.1			Details Vulnerabilities
32	Application	CA	Etrust Secure Content Manager	8.0			Details Vulnerabilities
33	Application	CA	Gateway Security	R8.1			Details Vulnerabilities
34	Application	CA	Internet Security Suite				Details Vulnerabilities
35	Application	CA	Internet Security Suite	3.0			Details Vulnerabilities
36	Application	CA	Internet Security Suite 2008				Details Vulnerabilities
37	Application	CA	Internet Security Suite Plus 2008				Details Vulnerabilities
38	Application	CA	Internet Security Suite Plus 2009				Details Vulnerabilities
39	Application	CA	Network And Systems Management	R3.0			Details Vulnerabilities
40	Application	CA	Network And Systems Management	R3.1			Details Vulnerabilities
41	Application	CA	Network And Systems Management	R11.1			Details Vulnerabilities
42	Application	CA	Network And Systems Management	R11			Details Vulnerabilities
43	Application	CA	Protection Suites	R3.1			Details Vulnerabilities
44	Application	CA	Protection Suites	R2			Details Vulnerabilities
45	Application	CA	Protection Suites	R3			Details Vulnerabilities
46	Application	CA	Secure Content Manager	1.1			Details Vulnerabilities
47	Application	CA	Secure Content Manager	8.0			Details Vulnerabilities
48	Application	CA	Threat Manager	8.1		Enterprise	Details Vulnerabilities
49	Application	CA	Threat Manager	R8		Enterprise	Details Vulnerabilities
50	Application	CA	Threat Manager Total Defense				Details Vulnerabilities
51	Application	CA	Unicenter Network And Systems Management	3.0			Details Vulnerabilities
52	Application	CA	Unicenter Network And Systems Management	3.1			Details Vulnerabilities
53	Application	CA	Unicenter Network And Systems Management	11			Details Vulnerabilities
54	Application	CA	Unicenter Network And Systems Management	11.1			Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
CA	Anti-virus	3
CA	Anti-virus For The Enterprise	3
CA	Anti-virus Gateway	1
CA	Anti-virus Plus	1
CA	Anti-virus Sdk	1
CA	Arcserve Backup	6
CA	Arcserve For Windows Client Agent	1
CA	Arcserve For Windows Server Component	1
CA	Common Services	3
CA	Etrust Anti-virus Gateway	1
CA	Etrust Anti-virus Sdk	1
CA	Etrust Antivirus	3
CA	Etrust Ez Antivirus	1
CA	Etrust Integrated Threat Management	1
CA	Etrust Intrusion Detection	3
CA	Etrust Secure Content Manager	2
CA	Gateway Security	1
CA	Internet Security Suite	2
CA	Internet Security Suite 2008	1
CA	Internet Security Suite Plus 2008	1
CA	Internet Security Suite Plus 2009	1
CA	Network And Systems Management	4
CA	Protection Suites	3
CA	Secure Content Manager	2
CA	Threat Manager	2
CA	Threat Manager Total Defense	1
CA	Unicenter Network And Systems Management	4

- References For CVE-2009-3587

http://secunia.com/advisories/36976
SECUNIA 36976

http://osvdb.org/58691
OSVDB 58691

http://www.securityfocus.com/bid/36653
BID 36653 Computer Associates Anti-Virus Engine 'arclib' Multiple Memory Corruption Vulnerabilities Release Date:2009-10-13

http://www.securityfocus.com/archive/1/archive/1/507068/100/0/threaded
BUGTRAQ 20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine

http://www.securitytracker.com/id?1022999
SECTRACK 1022999

http://xforce.iss.net/xforce/xfdb/53697
XF ca-rar-code-execution(53697)

http://www.vupen.com/english/advisories/2009/2852
VUPEN ADV-2009-2852

http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 CONFIRM

- Vulnerability Conditions

Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
CA Arcserve Backup R12.5 CA Arcserve Backup R12.0 SP2 CA Arcserve Backup R12.0 SP1 CA Arcserve Backup R12.0	Microsoft Windows
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
CA Arcserve Backup R11.5 CA Arcserve Backup R11.1	Linux Linux

- Metasploit Modules Related To CVE-2009-3587

There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)