var-200901-0282
Vulnerability from variot

Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file. Computer Associates Anti-Virus engine is prone to multiple vulnerabilities that may allow certain compressed archives to bypass the scan engine. Successful exploits will allow attackers to distribute files containing malicious code that the antivirus engine will fail to detect. Products with 'arclib.dll' prior to version 7.3.0.15 are vulnerable.

Title: CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities

CA Advisory Reference: CA20090126-01

CA Advisory Date: 2009-01-26

Reported By: Thierry Zoller and Sergio Alvarez of n.runs AG

Impact: A remote attacker can evade detection. CA has released a new Anti-Virus engine to address the vulnerabilities. Consequently, detection evasion can be a concern for gateway anti-virus software if archives are not scanned, but the risk is effectively mitigated by the desktop anti-virus engine.

Mitigating Factors: See note above.

Severity: CA has given these vulnerabilities a Low risk rating. If your product is configured for automatic updates, you should already be protected, and you need to take no action. If your product is not configured for automatic updates, then you simply need to run the update utility included with your product.

How to determine if you are affected:

For products on Windows:

  1. Using Windows Explorer, locate the file "arclib.dll". By default, the file is located in the "C:\Program Files\CA\SharedComponents\ScanEngine" directory (*).
  2. Right click on the file and select Properties.
  3. Select the Version tab.

  File Name    File Version
  arclib.dll   7.3.0.15

*For eTrust Intrusion Detection 2.0 the file is located in "Program Files\eTrust\Intrusion Detection\Common", and for eTrust Intrusion Detection 3.0 and 3.0 sp1, the file is located in "Program Files\CA\Intrusion Detection\Common".

For CA Anti-Virus r8.1 on non-Windows platforms:

Use the compver utility provided on the CD to determine the version of Arclib.

Example compver utility output:

     ------------------------------------------------
     COMPONENT NAME                           VERSION
     ------------------------------------------------
     eTrust Antivirus Arclib Archive Library  7.3.0.15
     ... (followed by other components)

For reference, the following are file names for arclib on non-Windows operating systems:

  Operating System    File name
  Solaris             libarclib.so
  Linux               libarclib.so
  Mac OS X            arclib.bundle

Workaround: Do not open email attachments or download files from untrusted sources.

For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782

Regards,
Ken Williams, Director ; 0xE2941985
CA Product Vulnerability Response Team

CA, 1 CA Plaza, Islandia, NY 11749

Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2009 CA. All rights reserved.



{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "threat manager for the enterprise",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "r8"
      },
      {
        "_id": null,
        "model": "protection suites",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "r2"
      },
      {
        "_id": null,
        "model": "anti-virus sdk",
        "scope": null,
        "trust": 1.4,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "internet security suite 2008",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "*"
      },
      {
        "_id": null,
        "model": "threat manager for the enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "network and systems management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "r3.1"
      },
      {
        "_id": null,
        "model": "arcserve client agent",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": null
      },
      {
        "_id": null,
        "model": "secure content manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "etrust intrusion detection",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "2.0"
      },
      {
        "_id": null,
        "model": "anti-virus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "2007"
      },
      {
        "_id": null,
        "model": "anti-spyware for the enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "anti-virus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "2008"
      },
      {
        "_id": null,
        "model": "etrust intrusion detection",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "network and systems management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "r3.0"
      },
      {
        "_id": null,
        "model": "anti-virus for the enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "common services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11"
      },
      {
        "_id": null,
        "model": "arcserve backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "r11.5_nil_"
      },
      {
        "_id": null,
        "model": "arcserve backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "r12.0_nil_"
      },
      {
        "_id": null,
        "model": "etrust intrusion detection",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "internet security suite 2007",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "3"
      },
      {
        "_id": null,
        "model": "antivirus gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "arcserve backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "r11.1"
      },
      {
        "_id": null,
        "model": "anti-spyware",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "2007"
      },
      {
        "_id": null,
        "model": "anti-spyware",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "2008"
      },
      {
        "_id": null,
        "model": "network and systems management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "r11"
      },
      {
        "_id": null,
        "model": "anti-virus for the enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "etrust intrusion detection",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "protection suites",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "r3"
      },
      {
        "_id": null,
        "model": "anti-spyware for the enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "r8"
      },
      {
        "_id": null,
        "model": "secure content manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "anti-virus for the enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "r8"
      },
      {
        "_id": null,
        "model": "network and systems management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "r11.1"
      },
      {
        "_id": null,
        "model": "protection suites",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "r3.1"
      },
      {
        "_id": null,
        "model": "etrust ez antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "r7"
      },
      {
        "_id": null,
        "model": "anti-virus sdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "*"
      },
      {
        "_id": null,
        "model": "common services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "internet security suite plus 2008",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "*"
      },
      {
        "_id": null,
        "model": "etrust ez antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "r6.1"
      },
      {
        "_id": null,
        "model": "anti-spyware 2007",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "anti-spyware 2008",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "anti-spyware for the enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "anti-virus",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "anti-virus for the enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "anti-virus gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "arcserve backup",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "arcserve for windows client agent",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "arcserve for windows server component",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "common services",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "etrust intrusion detection",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "gateway security",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "internet security suite",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "internet security suite plus 2008",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "network and systems management",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "protection suites",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "secure content manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "threat manager for the enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "etrust ez antivirus",
        "scope": null,
        "trust": 0.8,
        "vendor": "ca",
        "version": null
      },
      {
        "_id": null,
        "model": "anti-virus for the enterprise",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "common services",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "11"
      },
      {
        "_id": null,
        "model": "anti-virus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "2007"
      },
      {
        "_id": null,
        "model": "etrust ez antivirus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "r7"
      },
      {
        "_id": null,
        "model": "common services",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "anti-virus for the enterprise",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "r8"
      },
      {
        "_id": null,
        "model": "anti-virus for the enterprise",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "_id": null,
        "model": "associates threat manager for the enterprise r8.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "_id": null,
        "model": "associates threat manager for the enterprise r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "_id": null,
        "model": "associates protection suites r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "0"
      },
      {
        "_id": null,
        "model": "associates protection suites r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "_id": null,
        "model": "associates protection suites",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "associates internet security suite plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "20080"
      },
      {
        "_id": null,
        "model": "associates internet security suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "20080"
      },
      {
        "_id": null,
        "model": "associates internet security suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "20073.0"
      },
      {
        "_id": null,
        "model": "associates gateway security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "associates etrust secure content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "associates etrust secure content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.1"
      },
      {
        "_id": null,
        "model": "associates etrust secure content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "associates etrust intrusion detection sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.01"
      },
      {
        "_id": null,
        "model": "associates etrust intrusion detection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.0"
      },
      {
        "_id": null,
        "model": "associates etrust intrusion detection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "4.0"
      },
      {
        "_id": null,
        "model": "associates etrust intrusion detection sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.0.0"
      },
      {
        "_id": null,
        "model": "associates etrust ez antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "associates etrust antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7.0"
      },
      {
        "_id": null,
        "model": "associates etrust antivirus r8.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "_id": null,
        "model": "associates etrust antivirus r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "_id": null,
        "model": "associates common services r11.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "_id": null,
        "model": "associates common services r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "_id": null,
        "model": "associates common services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.1"
      },
      {
        "_id": null,
        "model": "associates brightstor arcserve backup for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "associates brightstor arcserve backup for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates brightstor arcserve backup for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates brightstor arcserve backup for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "associates brightstor arcserve backup for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates brightstor arcserve backup for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "associates arcserve for windows server component",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "0"
      },
      {
        "_id": null,
        "model": "associates arcserve client agent for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "0"
      },
      {
        "_id": null,
        "model": "associates arcserve",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "12.0"
      },
      {
        "_id": null,
        "model": "associates anti-virus sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "0"
      },
      {
        "_id": null,
        "model": "associates anti-virus gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "associates anti-spyware for the enterprise r8.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "_id": null,
        "model": "associates anti-spyware for the enterprise r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "_id": null,
        "model": "associates anti-spyware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "20080"
      },
      {
        "_id": null,
        "model": "associates anti-spyware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2007"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "33464"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-407"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0042"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ca:anti-spyware_2007",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:anti-spyware_2008",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:anti-spyware_for_the_enterprise",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:etrust_antivirus",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:anti-virus_for_the_enterprise",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:anti-virus_gateway",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:anti-virus_sdk",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:arcserve_backup",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:arcserve_for_windows_client_agent",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:arcserve_for_windows_server_component",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:common_services",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:etrust_intrusion_detection",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:gateway_security",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:internet_security_suite",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:internet_security_suite_plus_2008",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:network_and_systems_management",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:protection_suites",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:secure_content_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:threat_manager_for_the_enterprise",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ca:etrust_ez_antivirus",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002620"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Thierry Zoller and Sergio Alvarez of n.runs AG",
    "sources": [
      {
        "db": "BID",
        "id": "33464"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-407"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2009-0042",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2009-0042",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-37488",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2009-0042",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-0042",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200901-407",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-37488",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37488"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-407"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0042"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file. Computer Associates Anti-Virus engine is prone to multiple vulnerabilities that may allow certain compressed archives to bypass the scan engine. \nSuccessful exploits will allow attackers to distribute files containing malicious code that the antivirus engine will fail to detect. \nProducts with \u0027arclib.dll\u0027 prior to version 7.3.0.15 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nTitle: CA20090126-01: CA Anti-Virus Engine Detection Evasion \nMultiple Vulnerabilities\n\n\nCA Advisory Reference: CA20090126-01\n\n\nCA Advisory Date: 2009-01-26\n\n\nReported By:\nThierry Zoller and Sergio Alvarez of n.runs AG\n\n\nImpact: A remote attacker can evade detection. CA has \nreleased a new Anti-Virus engine to address the vulnerabilities. \nConsequently, detection evasion can be a concern for gateway \nanti-virus software if archives are not scanned, but the risk is \neffectively mitigated by the desktop anti-virus engine. \n\n\nMitigating Factors: See note above. \n\n\nSeverity: CA has given these vulnerabilities a Low risk rating.  If your product is \nconfigured for automatic updates, you should already be protected, \nand you need to take no action.  If your product is not configured \nfor automatic updates, then you simply need to run the update \nutility included with your product. \n\n\nHow to determine if you are affected:\n\nFor products on Windows:\n\n1. Using Windows Explorer, locate the file \"arclib.dll\". By \n   default, the file is located in the \n   \"C:\\Program Files\\CA\\SharedComponents\\ScanEngine\" directory (*). \n2. Right click on the file and select Properties. \n3. 
Select the Version tab. \n4. \n\nFile Name    File Version\narclib.dll   7.3.0.15\n\n*For eTrust Intrusion Detection 2.0 the file is located in \n\"Program Files\\eTrust\\Intrusion Detection\\Common\", and for eTrust \nIntrusion Detection 3.0 and 3.0 sp1, the file is located in \n\"Program Files\\CA\\Intrusion Detection\\Common\". \n\nFor CA Anti-Virus r8.1 on non-Windows platforms:\n\nUse the compver utility provided on the CD to determine the \nversion of Arclib. \n\nExample compver utility output:\n     ------------------------------------------------\n     COMPONENT NAME                           VERSION\n     ------------------------------------------------\n     eTrust Antivirus Arclib Archive Library  7.3.0.15\n     ... (followed by other components)\n\nFor reference, the following are file names for arclib on \nnon-Windows operating systems:\n\nOperating System    File name\nSolaris             libarclib.so\nLinux               libarclib.so\nMac OS X            arclib.bundle\n\n\nWorkaround: \nDo not open email attachments or download files from untrusted \nsources. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your \nfindings to the CA Product Vulnerability Response Team. \nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777\n82\n\n\nRegards,\nKen Williams, Director ; 0xE2941985\nCA Product Vulnerability Response Team\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2009 CA. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 9.9.1 (Build 287)\nCharset: utf-8\n\nwj8DBQFJfyMKeSWR3+KUGYURAkyRAJ94Db9OT0mSDBo8UiSAK7AWWt5XSgCfc89J\nSlKLxRwfw06DmTk2tmlcrJI=\n=Kjse\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0042"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002620"
      },
      {
        "db": "BID",
        "id": "33464"
      },
      {
        "db": "VULHUB",
        "id": "VHN-37488"
      },
      {
        "db": "PACKETSTORM",
        "id": "74367"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-0042",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "33464",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1021639",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-0270",
        "trust": 2.5
      },
      {
        "db": "XF",
        "id": "48261",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002620",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-407",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "74367",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-37488",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37488"
      },
      {
        "db": "BID",
        "id": "33464"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002620"
      },
      {
        "db": "PACKETSTORM",
        "id": "74367"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-407"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0042"
      }
    ]
  },
  "id": "VAR-200901-0282",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37488"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T23:10:15.841000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "197601",
        "trust": 0.8,
        "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601"
      },
      {
        "title": "Computer Associates Anti-Virus Engine Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146829"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-407"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-noinfo",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-DesignError",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002620"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0042"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/33464"
      },
      {
        "trust": 2.5,
        "url": "http://www.securitytracker.com/id?1021639"
      },
      {
        "trust": 2.5,
        "url": "http://www.vupen.com/english/advisories/2009/0270"
      },
      {
        "trust": 2.0,
        "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=197601"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/500417/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48261"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0042"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/48261"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0042"
      },
      {
        "trust": 0.3,
        "url": "http://www.ca.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/500417"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/503447"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0042"
      },
      {
        "trust": 0.1,
        "url": "http://www.nruns.com/"
      },
      {
        "trust": 0.1,
        "url": "http://support.ca.com/"
      },
      {
        "trust": 0.1,
        "url": "http://osvdb.org/"
      },
      {
        "trust": 0.1,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1777"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/contact/"
      },
      {
        "trust": 0.1,
        "url": "http://secdev.zoller.lu"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/legal/"
      },
      {
        "trust": 0.1,
        "url": "http://support.ca.com."
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/privacy/"
      },
      {
        "trust": 0.1,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1976"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37488"
      },
      {
        "db": "BID",
        "id": "33464"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002620"
      },
      {
        "db": "PACKETSTORM",
        "id": "74367"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-407"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0042"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-37488",
        "ident": null
      },
      {
        "db": "BID",
        "id": "33464",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002620",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "74367",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-407",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0042",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2009-01-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-37488",
        "ident": null
      },
      {
        "date": "2009-01-27T00:00:00",
        "db": "BID",
        "id": "33464",
        "ident": null
      },
      {
        "date": "2010-12-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002620",
        "ident": null
      },
      {
        "date": "2009-01-28T00:18:02",
        "db": "PACKETSTORM",
        "id": "74367",
        "ident": null
      },
      {
        "date": "2009-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200901-407",
        "ident": null
      },
      {
        "date": "2009-01-28T01:30:00.453000",
        "db": "NVD",
        "id": "CVE-2009-0042",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-37488",
        "ident": null
      },
      {
        "date": "2009-05-12T22:06:00",
        "db": "BID",
        "id": "33464",
        "ident": null
      },
      {
        "date": "2010-12-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002620",
        "ident": null
      },
      {
        "date": "2021-04-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200901-407",
        "ident": null
      },
      {
        "date": "2024-11-21T00:58:56.143000",
        "db": "NVD",
        "id": "CVE-2009-0042",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "74367"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-407"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "_id": null,
    "data": "Arclib library vulnerabilities in multiple CA products that can bypass virus detection",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002620"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "design error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200901-407"
      }
    ],
    "trust": 0.6
  }
}

