Computer Associates BrightStor ARCServe BackUp LGServer Remote Stack Buffer Overflow Vulnerability

Bugtraq ID:	22342
Class:	Boundary Condition Error
CVE:	CVE-2007-0449
Remote:	Yes
Local:	No
Published:	Jan 31 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	Mark Litchfield of NGS Software Insight Security Research is credited with the discovery of this issue.
Vulnerable:	Computer Associates ARCserve Backup for Laptops and Desktops 11.1 SP1 Computer Associates ARCserve Backup for Laptops and Desktops 11.1 Computer Associates ARCserve Backup for Laptops and Desktops 11.0
Not Vulnerable:	Computer Associates ARCserve Backup for Laptops and Desktops 11.1 SP2

Computer Associates BrightStor ARCServe BackUp LGServer Remote Stack Buffer Overflow Vulnerability

Computer Associates BrightStor ARCserve Backup is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data prior to copying it to an insufficiently sized buffer.

A successful exploit will allow an attacker to execute arbitrary code with SYSTEM-level privileges.

Note that only applications on the Windows operating system are affected.

Computer Associates BrightStor ARCServe BackUp LGServer Remote Stack Buffer Overflow Vulnerability

The following exploit is available:

• /data/vulnerabilities/exploits/CA BrightStor_rexp.py

Computer Associates BrightStor ARCServe BackUp LGServer Remote Stack Buffer Overflow Vulnerability

Solution:
The vendor has released fixes to address this issue. Please see the references for more information.

Computer Associates BrightStor ARCServe BackUp LGServer Remote Stack Buffer Overflow Vulnerability

References:

• BrightStor ARCserve Backup for Windows Product Page (Computer Associates)
  
• Remote Unauthenticated Code Execution II CA BrightStor ARCserve Backup for Lapto (NGS Software Insight Security Research)
  
• Important Security Notice for BrightStor ARCserve Backup for Laptops & Desktops (Computer Associates)