Title: Computer Associates ARCserveIT ClientAgent Temporary File Vulnerability
Severity: MODERATE
Description:
ARCServeIT is a backup solution offered by Computer Associates for various platforms. On each client that uses the system, a "Client Agent" must be installed. On at least linux systems, the setup script for Client Agent writes to a file in /tmp without checking to see whether the file already exists and who owns it. The script then moves the file to a trusted location, carrying ownership along with it. The file that the tmpfile (uagent.tmp) is mv'ed to is /usr/CYEagent/agent.cfg, the global configuration file for the client sub-agents on the system. The contents of this file can be executed when the ARTServeIT "sub-agents" are re-started and depending on the modifications to the config file, root privilges can possibly be gained. Fortunately, in order to exploit this an attacker must know in advance that the client-agent setup program is going to be run on the target machines or the setup program must be run a second time since that is where the vulnerability lies.
Affected Products:
- Computer Associates ARCServeIT 6.63.0
References:
- Computer Associates: ARCServeIT Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
