CA BrightStor ARCserve Backup Tape Engine TCP 6502 Remote Buffer Overflow Vulnerability
BID:22006
Info
CA BrightStor ARCserve Backup Tape Engine TCP 6502 Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 22006 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-6917 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 11 2007 12:00AM |
| Updated: | Jan 12 2007 10:11PM |
| Credit: | Tenable Network Security is credited with discovering this issue. |
| Vulnerable: |
Computer Associates Server Protection Suite r2 Computer Associates Business Protection Suite for Microsoft SBS Std Ed r2 Computer Associates Business Protection Suite for Microsoft SBS Pre ed r2 Computer Associates Business Protection Suite r2 Computer Associates BrightStor ARCServe Backup 11.1 Computer Associates BrightStor ARCServe Backup 9.01 Computer Associates BrightStor ARCServe Backup 11.5 Computer Associates BrightStor ARCServe Backup 11 Computer Associates BrightStor ARCServe Backup 10.5 |
| Not Vulnerable: | |
Discussion
CA BrightStor ARCserve Backup Tape Engine TCP 6502 Remote Buffer Overflow Vulnerability
Computer Associates BrightStor ARCserve Backup is affected by a remote buffer-overflow vulnerability because the application fails to perform proper bounds-checking on data supplied to the application.
A remote attacker may exploit this issue to execute arbitrary code on a vulnerable computer with SYSTEM privileges. Failed exploit attempts may cause denial-of-service conditions.
Computer Associates BrightStor ARCserve Backup is affected by a remote buffer-overflow vulnerability because the application fails to perform proper bounds-checking on data supplied to the application.
A remote attacker may exploit this issue to execute arbitrary code on a vulnerable computer with SYSTEM privileges. Failed exploit attempts may cause denial-of-service conditions.
Exploit / POC
CA BrightStor ARCserve Backup Tape Engine TCP 6502 Remote Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution / Fix
CA BrightStor ARCserve Backup Tape Engine TCP 6502 Remote Buffer Overflow Vulnerability
Solution:
The vendor released an advisory and fixes to address this issue. Please see the references for more information.
Computer Associates BrightStor ARCServe Backup 9.01
Solution:
The vendor released an advisory and fixes to address this issue. Please see the references for more information.
Computer Associates BrightStor ARCServe Backup 9.01
-
Computer Associates QO84985
https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO8 4985
References
CA BrightStor ARCserve Backup Tape Engine TCP 6502 Remote Buffer Overflow Vulnerability
References:
References:
- 34959 - CA BrightStor ARCserve Backup tapeeng.exe arbitrary code execution vulne (Computer Associates)
- BrightStor ARCserve Backup Product Page (Computer Associates)
- Important Security Notice for BrightStor ARCserve Backup (Computer Associates)
- LS-20060908 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer (LSsecurity)
- LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer (LSsecurity)
- [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup M (Computer Associates)