View my documents ()
 Home > Support > Global Security Advisor 

Vulnerability Detail

CA BrightStor ARCserve Backup tapeeng.exe arbitrary code execution vulnerability

Date Discovered:
11 Jan 2007

Date Published:
12 Jan 2007

Last Updated:
3 Apr 2007

Threat Assessment

Overall Risk:  Medium
Popularity : Medium
Impact:  High
Simplicity:  Low

Characteristics

Vulnerability ID:  34959
Discovered By:  Anonymous

Exploitable Locally:  No
Exploitable Remotely:  Yes

Impact:  A remote attacker can execute arbitrary code.

Root Cause:  Software Vulnerability

Description
Recommendations
Affected Technologies
References
 

Description

CA BrightStor ARCserve Backup contains a vulnerability that can allow a remote attacker to execute arbitrary code. The vulnerability is due to improper handling of opnum 38 in TAPEUTIL.dll or opnum 37 in TAPEENG.dll. An attacker can send malformed RPC request to execute arbitrary code.

Back to top

Recommendations

Back to top

Affected Technologies

Computer Associates: BrightStor ARCserve Backup v9.01 Client Agent for Windows
Computer Associates: CA BrightStor ARCserve Backup for Windows r11
Computer Associates: CA BrightStor ARCserve Backup for Windows r11.1
Computer Associates: CA BrightStor ARCserve Backup for Windows r11.5
Computer Associates: CA Brightstor Enterprise Backup v10.5 for Windows
Computer Associates: CA Protection Suites - Protection Suite Server r2 x86 32

Back to top

References

Computer Associates: babimpsec-notice
Mitre CVE: CVE-2006-6917

Back to top

CA Global Security Advisor

Current threat condition: Low
Low
Documents and Tools
Find Threats
Viruses Spyware
Vulnerabilities All
 
 
Page Tools
ShareShare