BrightStor ARCserve/Enterprise Discovery Service SERVICEPC Remote Buffer Overflow Vulnerability

BID:12536

Info

Bugtraq ID: 12536
Class: Boundary Condition Error
CVE:
Remote: Yes
Local: No
Published: Feb 14 2005 12:00AM
Updated: Feb 14 2005 12:00AM
Credit: cybertronic <[email protected]> is credited with the discovery of this issue.
Vulnerable: Computer Associates BrightStor Enterprise Backup for Windows 64 bit 10.5
Computer Associates BrightStor Enterprise Backup for Tru64 10.5
Computer Associates BrightStor Enterprise Backup for Solaris 10.5
Computer Associates BrightStor Enterprise Backup for Solaris 10.0
Computer Associates BrightStor Enterprise Backup for Mainframe Linux 10.0
Computer Associates BrightStor Enterprise Backup for HPUX 10.0
Computer Associates BrightStor Enterprise Backup for HP 10.5
Computer Associates BrightStor Enterprise Backup for AIX 10.5
Computer Associates BrightStor Enterprise Backup for AIX 10.0
Computer Associates BrightStor Enterprise Backup 10.5
Computer Associates BrightStor Enterprise Backup 10.0
Computer Associates BrightStor ARCServe Backup for Windows 64 bit 11.1
Computer Associates BrightStor ARCServe Backup for Windows 64 bit 11.0
Computer Associates BrightStor ARCServe Backup for Windows 64 bit 9.0.1
Computer Associates BrightStor ARCServe Backup for Windows 11.1
Computer Associates BrightStor ARCServe Backup for Windows 11.0
Computer Associates BrightStor ARCServe Backup for Windows 9.0 .0.1
Computer Associates BrightStor ARCServe Backup for Tru64 11.1
Computer Associates BrightStor ARCServe Backup for Solaris 11.1
Computer Associates BrightStor ARCServe Backup for NetWare 11.1
Computer Associates BrightStor ARCServe Backup for NetWare 9.0
Computer Associates BrightStor ARCServe Backup for Mainframe Linux 11.1
Computer Associates BrightStor ARCServe Backup for Macintosh 11.1
Computer Associates BrightStor ARCServe Backup for Linux Japanese 9.0
Computer Associates BrightStor ARCServe Backup for Linux 11.1
Computer Associates BrightStor ARCServe Backup for Linux 9.0
Computer Associates BrightStor ARCServe Backup for Linux 7.0
Computer Associates BrightStor ARCServe Backup for HP 11.1
Computer Associates BrightStor ARCServe Backup for AIX 11.1
Computer Associates BrightStor ARCserve 2000 Backup Windows Japanese
Not Vulnerable:

Discussion

A remote buffer overflow vulnerability reportedly affects BrightStor ARCserve/Enterprise. This issue is due to a failure of the application to securely copy data from the network. It should be noted that this issue is reportedly distinct from that outlined in BID 12522 (BrightStor ARCserve/Enterprise Backup UDP Probe Remote Buffer Overflow Vulnerability).

A remote attacker may execute arbitrary code on a vulnerable computer, potentially facilitating unauthorized superuser access. A denial of service condition may arise as well.

Exploit / POC

The following exploits have been made available. It should be noted that previously the exploit 'cybertronicBrightStorARCServeBO.c' was associated with BID 12491 (BrightStor ARCserve/Enterprise Backup UDP Probe Remote Buffer Overflow Vulnerability). It has been reported that the issue exploited by 'cybertronicBrightStorARCServeBO.c' is distinct from the issue outlined in that BID.

A Metasploit framework exploit, 'cabrightstor_disco_servicepc.pm', has also been made available.

Solution / Fix

Solution:
The vendor has released a patch dealing with this issue in their Microsoft Windows packages. Reportedly patches for other platforms are pending release.


Computer Associates BrightStor Enterprise Backup 10.0

Computer Associates BrightStor Enterprise Backup 10.5

Computer Associates BrightStor ARCServe Backup for Windows 11.0

Computer Associates BrightStor ARCServe Backup for NetWare 11.1

Computer Associates BrightStor ARCServe Backup for Windows 64 bit 11.1

Computer Associates BrightStor ARCServe Backup for Windows 11.1

Computer Associates BrightStor ARCServe Backup for Windows 9.0 .0.1

Computer Associates BrightStor ARCServe Backup for NetWare 9.0
