CA Multiple BrightStor ARCserve Backup Discovery Service Remote Buffer Overflow Vulnerability
BID:21502
Info
CA Multiple BrightStor ARCserve Backup Discovery Service Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 21502 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-6379 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 08 2006 12:00AM |
| Updated: | Dec 12 2006 09:18PM |
| Credit: | Assurent Secure Technologies is credited with discovering this issue. |
| Vulnerable: |
Computer Associates Server Protection Suite r2 Computer Associates Business Protection Suite for Microsoft SBS Std Ed r2 Computer Associates Business Protection Suite for Microsoft SBS Pre ed r2 Computer Associates Business Protection Suite r2 Computer Associates BrightStor ARCServe Backup 11.5 Computer Associates BrightStor ARCServe Backup 11.1 Computer Associates BrightStor ARCServe Backup 9.01 Computer Associates BrightStor ARCServe Backup 11.5.SP1 Computer Associates BrightStor ARCServe Backup 11 Computer Associates BrightStor ARCServe Backup 10.5 |
| Not Vulnerable: |
Computer Associates BrightStor ARCServe Backup 11.5.SP2 |
Discussion
CA Multiple BrightStor ARCserve Backup Discovery Service Remote Buffer Overflow Vulnerability
Computer Associates BrightStor ARCserve Backup is affected by a remote buffer-overflow vulnerability because the application fails to perform proper bounds-checking on data supplied to the application.
A remote attacker may exploit this issue to execute arbitrary code on a vulnerable computer with SYSTEM privileges. Failed exploit attempts may cause denial-of-service conditions. Successful exploits can lead to a complete compromise of affected computers.
This issue affects multiple BrightStor ARCserve Backup application agents and the base product.
Computer Associates BrightStor ARCserve Backup is affected by a remote buffer-overflow vulnerability because the application fails to perform proper bounds-checking on data supplied to the application.
A remote attacker may exploit this issue to execute arbitrary code on a vulnerable computer with SYSTEM privileges. Failed exploit attempts may cause denial-of-service conditions. Successful exploits can lead to a complete compromise of affected computers.
This issue affects multiple BrightStor ARCserve Backup application agents and the base product.
Exploit / POC
CA Multiple BrightStor ARCserve Backup Discovery Service Remote Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution / Fix
CA Multiple BrightStor ARCserve Backup Discovery Service Remote Buffer Overflow Vulnerability
Solution:
The vendor released a security advisory and fixes to address this issue. Please see the references for more information.
Solution:
The vendor released a security advisory and fixes to address this issue. Please see the references for more information.
References
CA Multiple BrightStor ARCserve Backup Discovery Service Remote Buffer Overflow Vulnerability
References:
References:
- BrightStor ARCserve Backup Product Page (Computer Associates)
- CA BrightStor ARCserve Backup Discovery Service Buffer Overflow Vulnerability (Computer Associates)
- [CAID 34846]: CA BrightStor ARCserve Backup Discovery Service Buffer Overflow Vu (Williams, James K)