CA Hierarchical Storage Manager SQL Injection Vulnerabilities
TPTI-07-17: October 2nd, 2007CVE ID
Affected Vendors
Affected Products
-
Hierarchical Storage Manager r11.5
TippingPoint™ IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 4925. For further product information on the TippingPoint IPS:Vulnerability Details
These vulnerabilities allow a remote attacker to inject arbitrary SQL into the backend database on vulnerable installations of CA BrightStor Hierarchical Storage Manager. Authentication is not required to exploit these vulnerabilities.The specific flaws exist in the CsAgent service that listens by default on TCP port 2000. An opcode parsing switch statement multiplexes data funneling across various vulnerable routines. At least 7 out of the available 68 opcodes are vulnerable to SQL injections, including: 0x07 - 0x09, 0x1E, 0x32, 0x36, 0x40.
Vendor Response
Computer Associates has issued an update to correct this vulnerability. More details can be found at:Disclosure Timeline
-
2006-11-01 - Vulnerability reported to vendor
2007-10-02 - Coordinated public release of advisory
