Intrusion Prevention

CA.BrightStor.ARCserve.UniversalAgent.Buffer.Overflow

Description

Indicates a possible exploit of remote buffer overflow vulnerability in Computer Associates BrightStor ARCServe Backup storage management software.


Computer Associates BrightStor ARCServe Backup is used for backup and restore protection for various server platforms and clients systems. A vulnerability is reported in it that may allow an attacker to execute arbitrary code on the vulnerable system. This is due to the application's failure to securely copy data from the network. The Universal agent service, which listens on TCP/UDP port 6050, is vulnerable to buffer overflow. An attacker may exploit this by sending agent request with "option" field set to 0, 3 or 1000 and preceding large strings to option field, to cause buffer a overflow and execute arbitrary code on the system.

Affected Products

Computer Associates BrightStor ARCServe Backup7.x,9.x and 11.x; Enterprise backup10.x; ARCServer2000 Backup.

Impact

System access and full compromise of the affected system.

Recommended Actions

Apply appropriate patch from the vendor or upgrade to non-vulnerable version. Computer Associates BrightStor ARCserve Backup for Windows (All) 11.1
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66526&startsearch=1
Computer Associates BrightStor ARCserve Backup for Windows (NoEng-All) 9.01
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66529&startsearch=1
Computer Associates BrightStor ARCserve Backup for Windows (NoEng-Cli) 9.01
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66531&startsearch=1
Computer Associates BrightStor ARCserve Backup for Windows (Eng-Cli) 9.01
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66530&startsearch=1
Computer Associates BrightStor ARCserve Backup for Windows (Client) 11.1
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66527&startsearch=1
Computer Associates BrightStor ARCserve Backup for Windows (Eng-All) 9.01
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66528&startsearch=1
Computer Associates BrightStor Enterprise Backup 10.0
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66523&startsearch=1
Computer Associates BrightStor Enterprise Backup for Windows 64 bit 10.5
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66533&startsearch=1
Computer Associates BrightStor Enterprise Backup 10.5
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66524&startsearch=1
Computer Associates BrightStor ARCServe Backup for Windows 64 bit 11.0
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66535&startsearch=1
Computer Associates BrightStor ARCServe Backup for Windows 11.0
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66525&startsearch=1
Computer Associates BrightStor ARCServe Backup for Windows 64 bit 11.1
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66534&startsearch=1
Computer Associates BrightStor ARCServe Backup for Windows 64 bit 9.0.1
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO66536&startsearch=1

CVE References

CVE-2005-1018