Vulnerability Detail

CA BrightStor ARCserve Backup Mediasvr stack based buffer overflow vulnerability

Date Discovered:
11 Jan 2007

Date Published:
12 Jan 2007

Last Updated:
3 Apr 2007

Threat Assessment

Overall Risk: Medium

Popularity : Medium

Impact: High

Simplicity: Medium

Characteristics

Vulnerability ID: 34955
Discovered By: Anonymous

Exploitable Locally: No
Exploitable Remotely: Yes

Impact: A remote attacker can execute arbitrary code.

Root Cause: Software Vulnerability

Description

Recommendations

Affected Technologies

References

Description

CA BrightStor ARCserve Backup contains a vulnerability that can allow a remote attacker to execute arbitrary code. The vulnerability is due to a stack based buffer overflow in the Mediasrv service. An attacker can send a specially crafted packet to the RPC interface to execute arbitrary code.

Recommendations

Affected Technologies

Computer Associates: BrightStor ARCserve Backup v9.01 Client Agent for Windows
Computer Associates: CA BrightStor ARCserve Backup for Windows r11
Computer Associates: CA BrightStor ARCserve Backup for Windows r11.1
Computer Associates: CA BrightStor ARCserve Backup for Windows r11.5
Computer Associates: CA Brightstor Enterprise Backup v10.5 for Windows
Computer Associates: CA Protection Suites - Protection Suite Server r2 x86 32

References

Computer Associates: babimpsec-notice
Mitre CVE: CVE-2006-5171

CA Global Security Advisor

Current threat condition: Low

Documents and Tools

Find Threats

Viruses Spyware
Vulnerabilities All

Page Tools