Intrusion Prevention

CA.BrightStor.ARCserve.Discovery.Buffer.Overflow

Description

This vulnerability affects the BrightStor ARCserve/Enterprise backup software. The vulnerability results from a remote buffer overflow. This issue is due to a failure of the application to securely copy data from the network, allowing remote attackers to execute arbitrary commands via a large packet to TCP port 41523. An attacker may execute arbitrary code on a vulnerable computer, potentially facilitating unauthorized superuser access. A denial of service condition may arise as well.

Affected Products

BrightStor ARCServe Backup 9.0 Netware
BrightStor ARCserve Backup (BAB) r11.1 Windows
BrightStor ARCserve Backup 11 for Windows
BrightStor ARCServe Backup 11.1 NetWare
BrightStor ARCserve Backup 9.0 Windows (v9.01)
BrightStor ARCserve Backup r11.1 for Windows 64
BrightStor Enterprise Backup 10.0
BrightStor Enterprise Backup v10.5

Impact

Execution of Arbitrary Code resulting in superuser access.
Denial of Service

Recommended Actions

Apply the patches provided by the vendor:
Computer Associates BrightStor ARCServe Backup for NetWare 9.0:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64541&startsearch=1
Computer Associates BrightStor ARCServe Backup for Windows 9.0.1:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64542&startsearch=1
Computer Associates BrightStor Enterprise Backup 10.0:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64544&startsearch=1
Computer Associates BrightStor Enterprise Backup 10.5:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64540&startsearch=1
Computer Associates BrightStor ARCServe Backup for Windows 11.0:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64539&startsearch=1
Computer Associates BrightStor ARCServe Backup for Windows 11.1:
http://supportconnect.ca.com/sc/solcenter/sol_detail.jsp?aparno=QO64538&os=NT&returninput=0
Computer Associates BrightStor ARCServe Backup for Windows 64 bit 11.1:
http://supportconnect.ca.com/sc/solcenter/sol_detail.jsp?aparno=QO64538&os=NT&returninput=0
Computer Associates BrightStor ARCServe Backup for NetWare 11.1:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64543&startsearch=1

CVE References

CVE-2006-5143