Computer Associates BrightStor ARCserve Backup UniversalAgent Remote Buffer Overflow Vulnerability
BID:13102
Info
Computer Associates BrightStor ARCserve Backup UniversalAgent Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 13102 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2005-1018 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 11 2005 12:00AM |
| Updated: | Jul 13 2009 04:26PM |
| Credit: | Discovery is credited to an anonymous source. |
| Vulnerable: |
Computer Associates BrightStor Enterprise Backup for Windows 64 bit 10.5 Computer Associates BrightStor Enterprise Backup 10.5 Computer Associates BrightStor Enterprise Backup 10.0 Computer Associates BrightStor ARCServe Backup for Windows 64 bit 11.1 Computer Associates BrightStor ARCServe Backup for Windows 64 bit 11.0 Computer Associates BrightStor ARCServe Backup for Windows 64 bit 9.0.1 Computer Associates BrightStor ARCserve Backup for Windows (NoEng-Cli) 9.01 Computer Associates BrightStor ARCserve Backup for Windows (NoEng-All) 9.01 Computer Associates BrightStor ARCserve Backup for Windows (Eng-Cli) 9.01 Computer Associates BrightStor ARCserve Backup for Windows (Eng-All) 9.01 Computer Associates BrightStor ARCserve Backup for Windows (Client) 11.1 Computer Associates BrightStor ARCserve Backup for Windows (All) 11.1 Computer Associates BrightStor ARCServe Backup for Windows 11.1 Computer Associates BrightStor ARCServe Backup for Windows 11.0 Computer Associates BrightStor ARCServe Backup for Windows 9.0 .0.1 |
| Not Vulnerable: | |
Discussion
Computer Associates BrightStor ARCserve Backup UniversalAgent Remote Buffer Overflow Vulnerability
A remote buffer-overflow vulnerability affects BrightStor ARCserve and ARCserve Enterprise agent because the application fails to securely copy data from the network.
A remote attacker may exploit this issue to execute arbitrary code on a vulnerable computer, potentially facilitating unauthorized superuser access. A denial-of-service condition may arise as well.
BrightStor ARCserve Backup v11 for Win32 platforms is vulnerable; other versions may also be affected.
A remote buffer-overflow vulnerability affects BrightStor ARCserve and ARCserve Enterprise agent because the application fails to securely copy data from the network.
A remote attacker may exploit this issue to execute arbitrary code on a vulnerable computer, potentially facilitating unauthorized superuser access. A denial-of-service condition may arise as well.
BrightStor ARCserve Backup v11 for Win32 platforms is vulnerable; other versions may also be affected.
Exploit / POC
Computer Associates BrightStor ARCserve Backup UniversalAgent Remote Buffer Overflow Vulnerability
Exploit code is available as part of the Metasploit Framework:
Exploit code is available as part of the Metasploit Framework:
Solution / Fix
Computer Associates BrightStor ARCserve Backup UniversalAgent Remote Buffer Overflow Vulnerability
Solution:
The vendor has released advisories and fixes. Please see the references for details.
Computer Associates BrightStor ARCserve Backup for Windows (All) 11.1
Computer Associates BrightStor ARCserve Backup for Windows (NoEng-All) 9.01
Computer Associates BrightStor ARCserve Backup for Windows (NoEng-Cli) 9.01
Computer Associates BrightStor ARCserve Backup for Windows (Eng-Cli) 9.01
Computer Associates BrightStor ARCserve Backup for Windows (Client) 11.1
Computer Associates BrightStor ARCserve Backup for Windows (Eng-All) 9.01
Computer Associates BrightStor Enterprise Backup 10.0
Computer Associates BrightStor Enterprise Backup for Windows 64 bit 10.5
Computer Associates BrightStor Enterprise Backup 10.5
Computer Associates BrightStor ARCServe Backup for Windows 64 bit 11.0
Computer Associates BrightStor ARCServe Backup for Windows 11.0
Computer Associates BrightStor ARCServe Backup for Windows 64 bit 11.1
Computer Associates BrightStor ARCServe Backup for Windows 64 bit 9.0.1
Solution:
The vendor has released advisories and fixes. Please see the references for details.
Computer Associates BrightStor ARCserve Backup for Windows (All) 11.1
-
Computer Associates APAR #: QO66526
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO6652 6&startsearch=1
Computer Associates BrightStor ARCserve Backup for Windows (NoEng-All) 9.01
-
Computer Associates APAR #: QO66529
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO6652 9&startsearch=1
Computer Associates BrightStor ARCserve Backup for Windows (NoEng-Cli) 9.01
-
Computer Associates APAR #: QO66531
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO6653 1&startsearch=1
Computer Associates BrightStor ARCserve Backup for Windows (Eng-Cli) 9.01
-
Computer Associates APAR #: QO66530
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO6653 0&startsearch=1
Computer Associates BrightStor ARCserve Backup for Windows (Client) 11.1
-
Computer Associates APAR #: QO66527
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO6652 7&startsearch=1
Computer Associates BrightStor ARCserve Backup for Windows (Eng-All) 9.01
-
Computer Associates APAR #: QO66528
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO6652 8&startsearch=1
Computer Associates BrightStor Enterprise Backup 10.0
-
Computer Associates APAR #: QO66523
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO6652 3&startsearch=1
Computer Associates BrightStor Enterprise Backup for Windows 64 bit 10.5
-
Computer Associates APAR #: QO66533
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO6653 3&startsearch=1
Computer Associates BrightStor Enterprise Backup 10.5
-
Computer Associates APAR #: QO66524
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO6652 4&startsearch=1
Computer Associates BrightStor ARCServe Backup for Windows 64 bit 11.0
-
Computer Associates APAR #: QO66535
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO6653 5&startsearch=1
Computer Associates BrightStor ARCServe Backup for Windows 11.0
-
Computer Associates APAR #: QO66525
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO6652 5&startsearch=1
Computer Associates BrightStor ARCServe Backup for Windows 64 bit 11.1
-
Computer Associates APAR #: QO66534
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO6653 4&startsearch=1
Computer Associates BrightStor ARCServe Backup for Windows 64 bit 9.0.1
-
Computer Associates APAR #: QO66536
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO6653 6&startsearch=1
References
Computer Associates BrightStor ARCserve Backup UniversalAgent Remote Buffer Overflow Vulnerability
References:
References:
- BrightStor ARCserve Backup for Windows Product Page (Computer Associates)
- Computer Associates BrightStor ARCserve Backup UniversalAgent Buffer Overflow (iDEFENSE)
- Computer Associates BrightStor ARCserve Backup and BrightStor Enterprise Backup ("Williams, James K"
- iDEFENSE Security Advisory 04.11.05: Computer Associates BrightStor ARCserve Bac ("iDEFENSE Labs"
- RE: BrightStor ARCserve Backup buffer overflow PoC (fixes available) ("Williams, James K"