製品・ソフトウェアに関する情報

JVN脆弱性詳細

CA Anti-Virus などの arclib.dll におけるサービス運用妨害 (DoS) の脆弱性

Title	CA Anti-Virus などの arclib.dll におけるサービス運用妨害 (DoS) の脆弱性
Summary	CA Anti-Virus (前 eTrust Antivirus) および他の特定の CA 製品の arclib.dll には、サービス運用妨害 (無限ループおよびアンチウィルス機能の喪失) 状態となる脆弱性が存在します。
Possible impacts	第三者により、CHM ファイル内の無効な "以前にリストされたチャンク番号" のフィールドを介して、サービス運用妨害 (無限ループおよびアンチウィルス機能の喪失) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	July 25, 2007, midnight
Registration Date	June 26, 2012, 3:54 p.m.
Last Update	June 26, 2012, 3:54 p.m.

CVSS2.0 : 警告
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:N/A:P

Affected System

CA Technologies

anti-spyware 8

BrightStor ARCserve Backup

brightstor arcserve client

BrightStor Enterprise Backup

brigthstor arcserve client for windows

CA Anti-Spyware for the Enterprise

CA Anti-Virus 8

CA Anti-Virus for the Enterprise 8

CA Anti-Virus SDK 8

CA Common Services

CA eTrust Intrusion Detection 8

CA Internet Security Suite

CA Protection Suites

CA Secure Content Manager

CA Threat Manager

eTrust Antivirus Gateway 8

eTrust EZ Antivirus 8

etrust ez armor 8

etrust internet security suite 8

unicenter network and systems management

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-3875	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3875
National Vulnerability Database (NVD)
2	CVE-2007-3875	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3875

ベンダー情報

No	Name	URL
CA
1	Top Page	http://www.ca.com/

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-3875

Summary	arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.
Publication Date	July 26, 2007, 9:30 a.m.
Registration Date	Jan. 29, 2021, 2:16 p.m.
Last Update	April 15, 2021, 12:34 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:broadcom:anti-spyware:2007:::::::*
cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.0:::::::*
cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:::::::*
cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:::::::*
cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8.1:::::::*
cpe:2.3:a:broadcom:anti_virus_sdk::::::::
cpe:2.3:a:broadcom:antispyware_for_the_enterprise:8:::::::*
cpe:2.3:a:broadcom:antispyware_for_the_enterprise:8.1:::::::*
cpe:2.3:a:broadcom:antivirus_sdk::::::::
cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:::::::*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:::::::*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:::::::*
cpe:2.3:a:broadcom:brightstor_arcserve_client::::::::
cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:::::::*
cpe:2.3:a:broadcom:brigthstor_arcserve_client_for_windows::::::::
cpe:2.3:a:broadcom:common_services:11:::::::*
cpe:2.3:a:broadcom:common_services:11.1:::::::*
cpe:2.3:a:broadcom:etrust_antivirus:8:::::::*
cpe:2.3:a:broadcom:etrust_antivirus_gateway:7.1:::::::*
cpe:2.3:a:broadcom:etrust_ez_antivirus:6.1:::::::*
cpe:2.3:a:broadcom:etrust_ez_antivirus:7:::::::*
cpe:2.3:a:broadcom:etrust_ez_armor:1:::::::*
cpe:2.3:a:broadcom:etrust_ez_armor:2:::::::*
cpe:2.3:a:broadcom:etrust_ez_armor:3:::::::*
cpe:2.3:a:broadcom:etrust_internet_security_suite:1:::::::*
cpe:2.3:a:broadcom:etrust_internet_security_suite:2:::::::*
cpe:2.3:a:broadcom:etrust_intrusion_detection:2.0:::::::*
cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:::::::*
cpe:2.3:a:broadcom:internet_security_suite:3.0:::::::*
cpe:2.3:a:broadcom:secure_content_manager:1.1:::::::*
cpe:2.3:a:broadcom:secure_content_manager:8.0:::::::*
cpe:2.3:a:broadcom:threat_manager:8:::::::*
cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:::::::*
cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:::::::*
cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:::::::*
cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:::::::*
cpe:2.3:a:ca:brightstor_arcserve_backup:11::windows:::::
cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1::::::
cpe:2.3:a:ca:protection_suites:r2:::::::*
cpe:2.3:a:ca:protection_suites:r3:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567	IDEFENSE	Patch
2	http://secunia.com/advisories/26155	SECUNIA	Patch Vendor Advisory
3	http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp	CONFIRM	Patch
4	http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149847	CONFIRM
5	http://www.securityfocus.com/archive/1/474601/100/0/threaded	BUGTRAQ
6	http://www.securityfocus.com/archive/1/474605/100/100/threaded	BUGTRAQ
7	http://www.securityfocus.com/archive/1/474683/100/0/threaded	BUGTRAQ
8	http://www.securityfocus.com/bid/25049	BID	Patch
9	http://www.securitytracker.com/id?1018450	SECTRACK
10	http://www.vupen.com/english/advisories/2007/2639	VUPEN
11	https://exchange.xforce.ibmcloud.com/vulnerabilities/35573	XF

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:broadcom:anti-spyware:2007:::::::*
cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.0:::::::*
cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:::::::*
cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:::::::*
cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8.1:::::::*
cpe:2.3:a:broadcom:anti_virus_sdk::::::::
cpe:2.3:a:broadcom:antispyware_for_the_enterprise:8:::::::*
cpe:2.3:a:broadcom:antispyware_for_the_enterprise:8.1:::::::*
cpe:2.3:a:broadcom:antivirus_sdk::::::::
cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:::::::*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:::::::*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:::::::*
cpe:2.3:a:broadcom:brightstor_arcserve_client::::::::
cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:::::::*
cpe:2.3:a:broadcom:brigthstor_arcserve_client_for_windows::::::::
cpe:2.3:a:broadcom:common_services:11:::::::*
cpe:2.3:a:broadcom:common_services:11.1:::::::*
cpe:2.3:a:broadcom:etrust_antivirus:8:::::::*
cpe:2.3:a:broadcom:etrust_antivirus_gateway:7.1:::::::*
cpe:2.3:a:broadcom:etrust_ez_antivirus:6.1:::::::*
cpe:2.3:a:broadcom:etrust_ez_antivirus:7:::::::*
cpe:2.3:a:broadcom:etrust_ez_armor:1:::::::*
cpe:2.3:a:broadcom:etrust_ez_armor:2:::::::*
cpe:2.3:a:broadcom:etrust_ez_armor:3:::::::*
cpe:2.3:a:broadcom:etrust_internet_security_suite:1:::::::*
cpe:2.3:a:broadcom:etrust_internet_security_suite:2:::::::*
cpe:2.3:a:broadcom:etrust_intrusion_detection:2.0:::::::*
cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:::::::*
cpe:2.3:a:broadcom:internet_security_suite:3.0:::::::*
cpe:2.3:a:broadcom:secure_content_manager:1.1:::::::*
cpe:2.3:a:broadcom:secure_content_manager:8.0:::::::*
cpe:2.3:a:broadcom:threat_manager:8:::::::*
cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:::::::*
cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:::::::*
cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:::::::*
cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:::::::*
cpe:2.3:a:ca:brightstor_arcserve_backup:11::windows:::::
cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1::::::
cpe:2.3:a:ca:protection_suites:r2:::::::*
cpe:2.3:a:ca:protection_suites:r3:::::::*