Intrusion Prevention

CA.BrightStor.ARCServe.Backup.LGServer.Username.Overflow

Description

This indicates a possible exploit of a buffer-overflow vulnerability in CA (Computer Associates) BrightStor ARCserve Backup.
The vulnerability is caused by an error when the vulnerable software performs authentication of users. It allows a remote attacker to execute arbitrary code.

Affected Products

Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.1
Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.0
Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.1 SP2
Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.1 SP1
Computer Associates BrightStor ARCserve Backup for Laptops and Desktop 11.5

Impact

System Compromise

Recommended Actions

The vendor has issued the following fixes:
CA ARCserve Backup for Laptops and Desktops (BMB) r4.0: QO91013
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&se archID=QO91013
CA ARCserve Backup for Laptops and Desktops 11.1: QO91014
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO91014
CA ARCserve Backup for Laptops and Desktops 11.5: QO91015
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO91015

CVE References

CVE-2007-5003