"Although the proof-of-concept does not reach an exploitable condition, mildly altering the proof-of-concept will," eEye said in an advisory. "The vendor has labeled the specific denial-of-service vulnerabilities with a medium severity. However, because of the simplicity to demonstrate an exploitable condition by altering the supplied proof of concept, eEye Research is designating these vulnerabilities as high severity."
The flaw could be exploited anonymously against BrightStor, allowing a remote attacker to run malicious code and obtain full system access, eEye said.
CA said in an advisory that it's aware that two functional exploit code samples were publicized May 16. "These two denial-of-service exploits are associated with vulnerabilities in CA BrightStor ARCserve Backup Mediasvr.exe and caloggerd.exe," CA said. "We have verified that vulnerabilities do exist, and we are now working on a patch to address the issues."
To mitigate the threat, CA suggests users rename the "mediasvr.exe" file to a non-functional file name, such as "mediasvc.exe.disable," then restart the CA BrightStor Tape Engine service. This disables command line functionality within BrightStor, CA said.
Symantec plugs Norton ActiveX flaw
Symantec Corp. has patched a flawed ActiveX control in its Norton security products that attackers could exploit to run malware on targeted machines.
An ActiveX control used by Norton Personal Firewall 2004 and Norton Internet Security 2004 contains a buffer overflow vulnerability, Cupertino, Calif.-based Symantec said in an advisory. Norton Internet Security is a software package for Microsoft Windows systems that includes antivirus, firewall, spam and content filtering, intrusion detection and privacy protection.
"The error occurs in the Get() and Set() functions used by ISAlertDataCOM, which is part of ISLALERT.DLL," the vendor said. "A successful exploit of this vulnerability could potentially allow the remote execution of code on a vulnerable system, with the rights of the logged-in user."
Symantec said that to successfully exploit the flaw, an attacker would need to trick the user into viewing a specially crafted HTML document.
"This type of attack is often achieved by sending email containing a link to the malicious site, and persuading the recipient to click on the link," the company noted. "Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue."
Symantec product engineers confirmed that the issue affects Norton Personal Firewall and Norton Internet Security 2004 only. Product updates to correct the problem are available through LiveUpdate.
Unicode flaw hits Cisco, other vendors
Cisco Systems has acknowledged a flaw in its Intrusion Prevention System (IPS) and Internetwork Operating System (IOS) with Firewall/IPS Feature Set that digital miscreants could exploit to evade security restrictions and launch attacks. Cisco is not the only vendor affected. Researchers believe more than 90 security tools from different vendors may be at risk, and 3Com Corp.'s TippingPoint division has confirmed it is among those affected.
The flaw was reported by the United States Computer Emergency Readiness Team (US-CERT) and originally discovered by researchers Fatih Ozavci and Caglar Cakici of Turkish security firm GamaSec. The researchers discovered that online outlaws could evade Cisco's IPS and firewall to secretly scan and attack targeted systems by encoding their attacks with a full-width or half-width Unicode character set.
No fix or workaround is currently available, Danish vulnerability clearinghouse Secunia noted in its advisory on the flaw.
The specific product versions affected by the flaw are Cisco Intrusion Prevention System (IPS) versions 4 and 5, and IOS versions 10, 11 and 12.
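For defenders who want to see why width-encoded traffic slips past a byte-for-byte signature match, the following added example (not from the article or from any vendor) compares a naive matcher with one that applies Unicode NFKC normalization first. The signature list and both request lines are constructed for illustration, and normalizing before matching is shown as one general approach, not as Cisco's or any other vendor's fix.

```python
import unicodedata

# Hypothetical signature list; a real IPS carries its own rule set.
SIGNATURES = ("/etc/passwd", "cmd.exe")

# Unicode "Halfwidth and Fullwidth Forms" block, U+FF00..U+FFEF.
WIDTH_BLOCK = range(0xFF00, 0xFFF0)


def match_raw(payload):
    """Naive matcher: compares signatures against the payload as received."""
    lowered = payload.lower()
    return [s for s in SIGNATURES if s in lowered]


def match_normalized(payload):
    """Fold compatibility forms (NFKC) to their plain equivalents, then match."""
    folded = unicodedata.normalize("NFKC", payload).lower()
    return [s for s in SIGNATURES if s in folded]


def width_form_chars(payload):
    """Count characters from the width-forms block; worth alerting on by itself."""
    return sum(1 for ch in payload if ord(ch) in WIDTH_BLOCK)


def inspect(payload):
    """Report both match results and flag signatures seen only after folding."""
    raw, norm = match_raw(payload), match_normalized(payload)
    return {
        "raw_hits": raw,
        "normalized_hits": norm,
        "width_chars": width_form_chars(payload),
        "evasion_suspected": bool(set(norm) - set(raw)),
    }


# Constructed sample inputs, not captured traffic. WIDE spells the same
# file name with full-width code points (U+FF43 is full-width "c", etc.).
PLAIN = "GET /scripts/cmd.exe HTTP/1.0"
WIDE = "GET /scripts/\uff43\uff4d\uff44\uff0e\uff45\uff58\uff45 HTTP/1.0"

if __name__ == "__main__":
    for sample in (PLAIN, WIDE):
        print(inspect(sample))
```

A signature that appears only after normalization, or any burst of width-form characters in a field that is normally ASCII, is a useful detection signal regardless of which inspection product sits in the path.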