Vulnerability Name:

CVE-2009-3587 (CCN-53697)

Assigned: 2009-10-08
Published: 2009-10-08
Updated: 2021-11-15
Summary: Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2009-3587

Source: OSVDB
Type: Broken Link
58691

Source: CCN
Type: SA36976
CA Anti-Virus Engine RAR Processing Two Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
36976

Source: CCN
Type: SECTRACK ID: 1022999
CA Anti-Virus arclib RAR Processing Flaws Let Remote Users Deny Service and Potentially Execute Arbitrary Code

Source: CONFIRM
Type: Broken Link, Patch, Vendor Advisory
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878

Source: CCN
Type: OSVDB ID: 58691
CA Multiple Products Anti-Virus Engine arclib Component RAR File Handling Memory Corruption DoS

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20091009 CA20091008-01: Security Notice for CA Anti-Virus Engine

Source: BID
Type: Third Party Advisory, VDB Entry
36653

Source: CCN
Type: BID-36653
Computer Associates Anti-Virus Engine 'arclib' Multiple Memory Corruption Vulnerabilities

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1022999

Source: VUPEN
Type: Vendor Advisory
ADV-2009-2852

Source: XF
Type: Third Party Advisory, VDB Entry
ca-rar-code-execution(53697)

Source: XF
Type: UNKNOWN
ca-rar-code-execution(53697)

Source: CCN
Type: CA20091008-01
Security Notice for CA Anti-Virus Engine

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:broadcom:etrust_antivirus:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:internet_security_suite:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_2008:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:r2:*:*:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:r3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:network_and_systems_management:r3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:network_and_systems_management:r11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_intrusion_detection:2.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus:2007:8:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus:2008:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_plus_2008:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_plus_2009:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:protection_suites:r3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:network_and_systems_management:r11:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:ca:common_services:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:anti-virus:2009:*:*:*:*:*:*:*
  • OR cpe:/a:ca:anti-virus_plus:2009:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:anti-virus_gateway:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_anti-virus_gateway:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_ez_antivirus:r7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager:8.1:*:enterprise:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager:r8:*:enterprise:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_secure_content_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:11:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:common_services:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:r8:*:*:*:*:*:*:*
  • OR cpe:/a:ca:anti-virus_for_the_enterprise:r8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:gateway_security:r8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_integrated_threat_management:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager_total_defense:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:network_and_systems_management:r3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:arcserve_for_windows_client_agent:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:arcserve_for_windows_server_component:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_sdk:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_anti-virus_sdk:*:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:ca:arcserve_backup:r11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*
  • AND
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:ca:internet_security_suite_2007:3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager:8::enterprise:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:secure_content_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager:8.1::enterprise:*:*:*:*:*
  • OR cpe:/a:ca:anti_virus_sdk:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_2008:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus:2007:8:*:*:*:*:*:*
  • OR cpe:/a:broadcom:anti-virus:2008:*:*:*:*:*:*:*
  • OR cpe:/a:ca:anti-virus:2009:*:*:*:*:*:*:*
  • OR cpe:/a:ca:anti-virus_plus:2009:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_2007:3:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_plus_2008:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:internet_security_suite_plus_2009:*:*:*:*:*:*:*:*
  • OR cpe:/a:ca:threat_manager_total_defense:*:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    broadcom etrust antivirus 8
    broadcom etrust antivirus 8.1
    broadcom internet security suite *
    ca internet security suite 2008 *
    ca protection suites r2
    ca protection suites r3
    broadcom network and systems management r3.1
    broadcom network and systems management r11.1
    ca etrust intrusion detection 2.0 sp1
    broadcom anti-virus 2007 8
    broadcom anti-virus 2008
    ca internet security suite plus 2008 *
    ca internet security suite plus 2009 *
    ca protection suites r3.1
    broadcom secure content manager 1.1
    broadcom network and systems management r11
    broadcom unicenter network and systems management 3.0
    broadcom unicenter network and systems management 3.1
    ca etrust intrusion detection 3.0 sp1
    ca common services 3.1
    ca arcserve backup r11.5
    broadcom etrust antivirus 7.1
    broadcom anti-virus for the enterprise 7.1
    ca anti-virus 2009
    ca anti-virus plus 2009
    broadcom etrust intrusion detection 3.0
    ca anti-virus gateway 7.1
    ca etrust anti-virus gateway 7.1
    ca etrust ez antivirus r7.1
    ca threat manager 8.1
    ca threat manager r8
    broadcom secure content manager 8.0
    broadcom etrust secure content manager 1.1
    broadcom unicenter network and systems management 11
    broadcom unicenter network and systems management 11.1
    broadcom common services 11
    broadcom common services 11.1
    broadcom anti-virus for the enterprise r8
    ca anti-virus for the enterprise r8.1
    broadcom internet security suite 3.0
    ca gateway security r8.1
    broadcom etrust integrated threat management 8.1
    ca threat manager total defense *
    ca etrust secure content manager 8.0
    broadcom network and systems management r3.0
    ca arcserve for windows client agent *
    ca arcserve for windows server component *
    broadcom anti-virus sdk *
    ca etrust anti-virus sdk *
    ca arcserve backup r11.1
    ca arcserve backup r11.5
    linux linux *
    ca internet security suite 2007 3
    ca anti-virus for the enterprise 8
    ca anti-virus for the enterprise 8.1
    ca threat manager 8
    ca secure content manager 8.0
    ca anti-virus for the enterprise 7.1
    ca secure content manager 1.1
    ca threat manager 8.1
    ca anti virus sdk *
    ca etrust ez antivirus 7.1
    ca internet security suite 2008 *
    ca anti-virus 2007 8
    ca anti-virus 2008
    ca anti-virus 2009
    ca anti-virus plus 2009
    ca internet security suite 2007 3
    ca internet security suite plus 2008 *
    ca internet security suite plus 2009 *
    ca threat manager total defense *