|
|
| |
"BrightStor ARCserve Backup provides a complete, flexible and integrated backup and recovery solution for Windows, NetWare, Linux and UNIX environments."
LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system. |
| |
Credit:
The information has been provided by LSsec.
The original article can be found at:
http://www.lssec.com/advisories/LS-20060220.pdf
|
| |
Vulnerable Systems:
* BrightStor ARCserve Backup version R11.5 Client
* BrightStor ARCserve Backup version R11.5 Server
* BrightStor Enterprise Backup version 10.5
* BrightStor ARCserve Backup version 9.01
* CA Server Protection Suite r2
* CA Business Protection Suite r2
LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system. The flaw specifically exists within the Discovery Service (casdscsvc.exe) due to incorrect handling of requests on TCP port 41523.
The BrightStor software will automatically detect other BrightStor (ARCserve) servers on the local network. The Discovery Service sends a packet to the broadcast address of a given subnet. Each system running the Discovery Service responds to the IP address embedded in the broadcast packet. All systems discovered on the subnet transmit their hostnames and IP addresses and then read in the hostname of the system which initiated the broadcast.
This hostname is copied into a fixed 1024 byte stack buffer by use of an incongruous call to vsprintf() in ASBRDCST.DLL
Disclosure Timeline:
* 10/05/2006 - Release
* 02/20/2006 - Reported
|
|
|
|
|
|
|
|
