OSVDB ID: 31593

Title: CA BrightStor ARCserve Backup Mobile Backup Service Multiple Remote Overflows

Info

Disclosure
Jan 23, 2007

Discovery
Jun 26, 2006

Dates

Exploit
Unknown

Solution
Jan 23, 2007

Description

 Multiple buffer overflows exist in ARCServe Backup. The Mobile Backup Service (LGSERVER.EXE) fails to validate all packets received on TCP port 2200 resulting in a heap overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

 Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified, Vendor Verified, Coordinated Disclosure

Solution

 Currently, there are no known workarounds or upgrades to correct this issue. However, CA has released a patch to address this vulnerability.

Products

CA

ARCserve Backup for Laptops and Desktops

 11.1
11.0
4.0
11.1 SP1

Protection Suites

 r2

Desktop Management Suite

 11.1
11.0

References

Credit
  • Mark Litchfield - markngssoftware.com - NGS Software


Direct URL: http://osvdb.org/31593