ID

VAR-200901-0282


CVE

CVE-2009-0042


TITLE

Arclib library vulnerabilities in multiple CA products that can bypass virus detection

Trust: 0.8

sources: JVNDB: JVNDB-2009-002620

DESCRIPTION

Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file.

Computer Associates Anti-Virus engine is prone to multiple vulnerabilities that may allow certain compressed archives to bypass the scan engine. Successful exploits will allow attackers to distribute files containing malicious code that the antivirus engine will fail to detect. Products with 'arclib.dll' prior to version 7.3.0.15 are vulnerable.

Title: CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities

CA Advisory Reference: CA20090126-01

CA Advisory Date: 2009-01-26

Reported By: Thierry Zoller and Sergio Alvarez of n.runs AG

Impact: A remote attacker can evade detection.

CA has released a new Anti-Virus engine to address the vulnerabilities. Consequently, detection evasion can be a concern for gateway anti-virus software if archives are not scanned, but the risk is effectively mitigated by the desktop anti-virus engine.

Mitigating Factors: See note above.

Severity: CA has given these vulnerabilities a Low risk rating.

If your product is configured for automatic updates, you should already be protected, and you need to take no action. If your product is not configured for automatic updates, then you simply need to run the update utility included with your product.

How to determine if you are affected:

For products on Windows:

1. Using Windows Explorer, locate the file "arclib.dll". By default, the file is located in the "C:\Program Files\CA\SharedComponents\ScanEngine" directory (*).
2. Right click on the file and select Properties.
3. Select the Version tab.
4.

File Name     File Version
arclib.dll    7.3.0.15

* For eTrust Intrusion Detection 2.0 the file is located in "Program Files\eTrust\Intrusion Detection\Common", and for eTrust Intrusion Detection 3.0 and 3.0 sp1, the file is located in "Program Files\CA\Intrusion Detection\Common".

For CA Anti-Virus r8.1 on non-Windows platforms:

Use the compver utility provided on the CD to determine the version of Arclib.

Example compver utility output:

------------------------------------------------
COMPONENT NAME                           VERSION
------------------------------------------------
eTrust Antivirus Arclib Archive Library  7.3.0.15
... (followed by other components)

For reference, the following are file names for arclib on non-Windows operating systems:

Operating System    File name
Solaris             libarclib.so
Linux               libarclib.so
Mac OS X            arclib.bundle

Workaround: Do not open email attachments or download files from untrusted sources.

For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team.
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782

Regards,
Ken Williams, Director ; 0xE2941985
CA Product Vulnerability Response Team

CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2009 CA. All rights reserved.

Trust: 2.07

sources: NVD: CVE-2009-0042 // JVNDB: JVNDB-2009-002620 // BID: 33464 // VULHUB: VHN-37488 // PACKETSTORM: 74367

AFFECTED PRODUCTS

vendor: ca | model: threat manager for the enterprise | scope: eq | version: r8 | Trust: 1.6
vendor: ca | model: protection suites | scope: eq | version: r2 | Trust: 1.6
vendor: ca | model: anti-virus sdk | scope: - | version: - | Trust: 1.4
vendor: ca | model: internet security suite 2008 | scope: eq | version: * | Trust: 1.0
vendor: ca | model: threat manager for the enterprise | scope: eq | version: 8.1 | Trust: 1.0
vendor: broadcom | model: network and systems management | scope: eq | version: r3.1 | Trust: 1.0
vendor: broadcom | model: arcserve client agent | scope: eq | version: - | Trust: 1.0
vendor: broadcom | model: secure content manager | scope: eq | version: 8.1 | Trust: 1.0
vendor: ca | model: etrust intrusion detection | scope: eq | version: 2.0 | Trust: 1.0
vendor: broadcom | model: anti-virus | scope: eq | version: 2007 | Trust: 1.0
vendor: broadcom | model: anti-spyware for the enterprise | scope: eq | version: 8.1 | Trust: 1.0
vendor: broadcom | model: anti-virus | scope: eq | version: 2008 | Trust: 1.0
vendor: broadcom | model: etrust intrusion detection | scope: eq | version: 4.0 | Trust: 1.0
vendor: broadcom | model: network and systems management | scope: eq | version: r3.0 | Trust: 1.0
vendor: broadcom | model: anti-virus for the enterprise | scope: eq | version: 8.1 | Trust: 1.0
vendor: broadcom | model: common services | scope: eq | version: 11 | Trust: 1.0
vendor: ca | model: arcserve backup | scope: eq | version: r11.5_nil_ | Trust: 1.0
vendor: ca | model: arcserve backup | scope: eq | version: r12.0_nil_ | Trust: 1.0
vendor: ca | model: etrust intrusion detection | scope: eq | version: 3.0 | Trust: 1.0
vendor: ca | model: internet security suite 2007 | scope: eq | version: 3 | Trust: 1.0
vendor: broadcom | model: antivirus gateway | scope: eq | version: 7.1 | Trust: 1.0
vendor: ca | model: arcserve backup | scope: eq | version: r11.1 | Trust: 1.0
vendor: broadcom | model: anti-spyware | scope: eq | version: 2007 | Trust: 1.0
vendor: broadcom | model: anti-spyware | scope: eq | version: 2008 | Trust: 1.0
vendor: broadcom | model: network and systems management | scope: eq | version: r11 | Trust: 1.0
vendor: broadcom | model: anti-virus for the enterprise | scope: eq | version: 7.1 | Trust: 1.0
vendor: broadcom | model: etrust intrusion detection | scope: eq | version: 3.0 | Trust: 1.0
vendor: ca | model: protection suites | scope: eq | version: r3 | Trust: 1.0
vendor: broadcom | model: anti-spyware for the enterprise | scope: eq | version: r8 | Trust: 1.0
vendor: broadcom | model: secure content manager | scope: eq | version: 8.0 | Trust: 1.0
vendor: broadcom | model: anti-virus for the enterprise | scope: eq | version: r8 | Trust: 1.0
vendor: broadcom | model: network and systems management | scope: eq | version: r11.1 | Trust: 1.0
vendor: ca | model: protection suites | scope: eq | version: r3.1 | Trust: 1.0
vendor: broadcom | model: etrust ez antivirus | scope: eq | version: r7 | Trust: 1.0
vendor: broadcom | model: anti-virus sdk | scope: eq | version: * | Trust: 1.0
vendor: broadcom | model: common services | scope: eq | version: 11.1 | Trust: 1.0
vendor: ca | model: internet security suite plus 2008 | scope: eq | version: * | Trust: 1.0
vendor: broadcom | model: etrust ez antivirus | scope: eq | version: r6.1 | Trust: 1.0
vendor: ca | model: anti-spyware 2007 | scope: - | version: - | Trust: 0.8
vendor: ca | model: anti-spyware 2008 | scope: - | version: - | Trust: 0.8
vendor: ca | model: anti-spyware for the enterprise | scope: - | version: - | Trust: 0.8
vendor: ca | model: anti-virus | scope: - | version: - | Trust: 0.8
vendor: ca | model: anti-virus for the enterprise | scope: - | version: - | Trust: 0.8
vendor: ca | model: anti-virus gateway | scope: - | version: - | Trust: 0.8
vendor: ca | model: arcserve backup | scope: - | version: - | Trust: 0.8
vendor: ca | model: arcserve for windows client agent | scope: - | version: - | Trust: 0.8
vendor: ca | model: arcserve for windows server component | scope: - | version: - | Trust: 0.8
vendor: ca | model: common services | scope: - | version: - | Trust: 0.8
vendor: ca | model: etrust intrusion detection | scope: - | version: - | Trust: 0.8
vendor: ca | model: gateway security | scope: - | version: - | Trust: 0.8
vendor: ca | model: internet security suite | scope: - | version: - | Trust: 0.8
vendor: ca | model: internet security suite plus 2008 | scope: - | version: - | Trust: 0.8
vendor: ca | model: network and systems management | scope: - | version: - | Trust: 0.8
vendor: ca | model: protection suites | scope: - | version: - | Trust: 0.8
vendor: ca | model: secure content manager | scope: - | version: - | Trust: 0.8
vendor: ca | model: threat manager for the enterprise | scope: - | version: - | Trust: 0.8
vendor: ca | model: etrust ez antivirus | scope: - | version: - | Trust: 0.8
vendor: ca | model: anti-virus for the enterprise | scope: eq | version: 7.1 | Trust: 0.6
vendor: ca | model: common services | scope: eq | version: 11 | Trust: 0.6
vendor: ca | model: anti-virus | scope: eq | version: 2007 | Trust: 0.6
vendor: ca | model: etrust ez antivirus | scope: eq | version: r7 | Trust: 0.6
vendor: ca | model: common services | scope: eq | version: 11.1 | Trust: 0.6
vendor: ca | model: anti-virus for the enterprise | scope: eq | version: r8 | Trust: 0.6
vendor: ca | model: anti-virus for the enterprise | scope: eq | version: 8.1 | Trust: 0.6
vendor: computer | model: associates unicenter network and systems management | scope: eq | version: 3.1 | Trust: 0.3
vendor: computer | model: associates unicenter network and systems management | scope: eq | version: 3.0 | Trust: 0.3
vendor: computer | model: associates unicenter network and systems management | scope: eq | version: 12.0 | Trust: 0.3
vendor: computer | model: associates unicenter network and systems management | scope: eq | version: 11.1 | Trust: 0.3
vendor: computer | model: associates unicenter network and systems management | scope: eq | version: 11 | Trust: 0.3
vendor: computer | model: associates threat manager for the enterprise r8.1 | scope: - | version: - | Trust: 0.3
vendor: computer | model: associates threat manager for the enterprise r8 | scope: - | version: - | Trust: 0.3
vendor: computer | model: associates protection suites r2 | scope: eq | version: 0 | Trust: 0.3
vendor: computer | model: associates protection suites r3 | scope: - | version: - | Trust: 0.3
vendor: computer | model: associates protection suites | scope: eq | version: 3.1 | Trust: 0.3
vendor: computer | model: associates internet security suite plus | scope: eq | version: 20080 | Trust: 0.3
vendor: computer | model: associates internet security suite | scope: eq | version: 20080 | Trust: 0.3
vendor: computer | model: associates internet security suite | scope: eq | version: 20073.0 | Trust: 0.3
vendor: computer | model: associates gateway security | scope: eq | version: 8.1 | Trust: 0.3
vendor: computer | model: associates etrust secure content manager | scope: eq | version: 8.0 | Trust: 0.3
vendor: computer | model: associates etrust secure content manager | scope: eq | version: 1.1 | Trust: 0.3
vendor: computer | model: associates etrust secure content manager | scope: eq | version: 8.1 | Trust: 0.3
vendor: computer | model: associates etrust intrusion detection sp | scope: eq | version: 3.01 | Trust: 0.3
vendor: computer | model: associates etrust intrusion detection | scope: eq | version: 3.0 | Trust: 0.3
vendor: computer | model: associates etrust intrusion detection | scope: eq | version: 4.0 | Trust: 0.3
vendor: computer | model: associates etrust intrusion detection sp1 | scope: eq | version: 2.0.0 | Trust: 0.3
vendor: computer | model: associates etrust ez antivirus | scope: eq | version: 7.1 | Trust: 0.3
vendor: computer | model: associates etrust antivirus | scope: eq | version: 7.0 | Trust: 0.3
vendor: computer | model: associates etrust antivirus r8.1 | scope: - | version: - | Trust: 0.3
vendor: computer | model: associates etrust antivirus r8 | scope: - | version: - | Trust: 0.3
vendor: computer | model: associates common services r11.1 | scope: - | version: - | Trust: 0.3
vendor: computer | model: associates common services r11 | scope: - | version: - | Trust: 0.3
vendor: computer | model: associates common services | scope: eq | version: 3.1 | Trust: 0.3
vendor: computer | model: associates brightstor arcserve backup for windows | scope: eq | version: 11.5 | Trust: 0.3
vendor: computer | model: associates brightstor arcserve backup for windows | scope: eq | version: 11.1 | Trust: 0.3
vendor: computer | model: associates brightstor arcserve backup for windows | scope: eq | version: 11.0 | Trust: 0.3
vendor: computer | model: associates brightstor arcserve backup for windows | scope: eq | version: 12.0 | Trust: 0.3
vendor: computer | model: associates brightstor arcserve backup for linux | scope: eq | version: 11.1 | Trust: 0.3
vendor: computer | model: associates brightstor arcserve backup for linux | scope: eq | version: 11.5 | Trust: 0.3
vendor: computer | model: associates arcserve for windows server component | scope: eq | version: 0 | Trust: 0.3
vendor: computer | model: associates arcserve client agent for windows | scope: eq | version: 0 | Trust: 0.3
vendor: computer | model: associates arcserve | scope: eq | version: 12.0 | Trust: 0.3
vendor: computer | model: associates anti-virus sdk | scope: eq | version: 0 | Trust: 0.3
vendor: computer | model: associates anti-virus gateway | scope: eq | version: 7.1 | Trust: 0.3
vendor: computer | model: associates anti-spyware for the enterprise r8.1 | scope: - | version: - | Trust: 0.3
vendor: computer | model: associates anti-spyware for the enterprise r8 | scope: - | version: - | Trust: 0.3
vendor: computer | model: associates anti-spyware | scope: eq | version: 20080 | Trust: 0.3
vendor: computer | model: associates anti-spyware | scope: eq | version: 2007 | Trust: 0.3

sources: BID: 33464 // JVNDB: JVNDB-2009-002620 // CNNVD: CNNVD-200901-407 // NVD: CVE-2009-0042

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-0042
value: HIGH

Trust: 1.0

NVD: CVE-2009-0042
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200901-407
value: CRITICAL

Trust: 0.6

VULHUB: VHN-37488
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-0042
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-37488
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-37488 // JVNDB: JVNDB-2009-002620 // CNNVD: CNNVD-200901-407 // NVD: CVE-2009-0042

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo | Trust: 1.0
problemtype: CWE-noinfo | Trust: 0.8
problemtype: CWE-DesignError | Trust: 0.8

sources: JVNDB: JVNDB-2009-002620 // NVD: CVE-2009-0042

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 74367 // CNNVD: CNNVD-200901-407

TYPE

design error

Trust: 0.6

sources: CNNVD: CNNVD-200901-407

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002620

PATCH

title: 197601 | url: http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601 | Trust: 0.8
title: Computer Associates Anti-Virus Engine Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146829 | Trust: 0.6

sources: JVNDB: JVNDB-2009-002620 // CNNVD: CNNVD-200901-407

EXTERNAL IDS

db: NVD | id: CVE-2009-0042 | Trust: 2.9
db: BID | id: 33464 | Trust: 2.8
db: SECTRACK | id: 1021639 | Trust: 2.5
db: VUPEN | id: ADV-2009-0270 | Trust: 2.5
db: XF | id: 48261 | Trust: 0.8
db: JVNDB | id: JVNDB-2009-002620 | Trust: 0.8
db: CNNVD | id: CNNVD-200901-407 | Trust: 0.6
db: PACKETSTORM | id: 74367 | Trust: 0.2
db: VULHUB | id: VHN-37488 | Trust: 0.1

sources: VULHUB: VHN-37488 // BID: 33464 // JVNDB: JVNDB-2009-002620 // PACKETSTORM: 74367 // CNNVD: CNNVD-200901-407 // NVD: CVE-2009-0042

REFERENCES

url: http://www.securityfocus.com/bid/33464 | Trust: 2.5
url: http://www.securitytracker.com/id?1021639 | Trust: 2.5
url: http://www.vupen.com/english/advisories/2009/0270 | Trust: 2.5
url: http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=197601 | Trust: 2.0
url: http://www.securityfocus.com/archive/1/500417/100/0/threaded | Trust: 1.7
url: http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/26/ca20090126-01-ca-anti-virus-engine-detection-evasion-multiple-vulnerabilities.aspx | Trust: 1.7
url: https://exchange.xforce.ibmcloud.com/vulnerabilities/48261 | Trust: 1.7
url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0042 | Trust: 0.9
url: http://xforce.iss.net/xforce/xfdb/48261 | Trust: 0.8
url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0042 | Trust: 0.8
url: http://www.ca.com | Trust: 0.3
url: /archive/1/500417 | Trust: 0.3
url: /archive/1/503447 | Trust: 0.3
url: https://nvd.nist.gov/vuln/detail/cve-2009-0042 | Trust: 0.1
url: http://www.nruns.com/ | Trust: 0.1
url: http://support.ca.com/ | Trust: 0.1
url: http://osvdb.org/ | Trust: 0.1
url: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1777 | Trust: 0.1
url: http://www.ca.com/us/contact/ | Trust: 0.1
url: http://secdev.zoller.lu | Trust: 0.1
url: http://www.ca.com/us/legal/ | Trust: 0.1
url: http://support.ca.com. | Trust: 0.1
url: http://www.ca.com/us/privacy/ | Trust: 0.1
url: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1976 | Trust: 0.1

sources: VULHUB: VHN-37488 // BID: 33464 // JVNDB: JVNDB-2009-002620 // PACKETSTORM: 74367 // CNNVD: CNNVD-200901-407 // NVD: CVE-2009-0042

CREDITS

Thierry Zoller and Sergio Alvarez of n.runs AG

Trust: 0.9

sources: BID: 33464 // CNNVD: CNNVD-200901-407

SOURCES

db: VULHUB | id: VHN-37488
db: BID | id: 33464
db: JVNDB | id: JVNDB-2009-002620
db: PACKETSTORM | id: 74367
db: CNNVD | id: CNNVD-200901-407
db: NVD | id: CVE-2009-0042

LAST UPDATE DATE

2024-11-23T23:10:15.841000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-37488 | date: 2018-10-30T00:00:00
db: BID | id: 33464 | date: 2009-05-12T22:06:00
db: JVNDB | id: JVNDB-2009-002620 | date: 2010-12-27T00:00:00
db: CNNVD | id: CNNVD-200901-407 | date: 2021-04-08T00:00:00
db: NVD | id: CVE-2009-0042 | date: 2024-11-21T00:58:56.143

SOURCES RELEASE DATE

db: VULHUB | id: VHN-37488 | date: 2009-01-28T00:00:00
db: BID | id: 33464 | date: 2009-01-27T00:00:00
db: JVNDB | id: JVNDB-2009-002620 | date: 2010-12-27T00:00:00
db: PACKETSTORM | id: 74367 | date: 2009-01-28T00:18:02
db: CNNVD | id: CNNVD-200901-407 | date: 2009-01-28T00:00:00
db: NVD | id: CVE-2009-0042 | date: 2009-01-28T01:30:00.453