SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   CA ARCserve Backup Vendors:   CA
BrightStor ARCserve Tape Engine Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1017268
SecurityTracker URL:  http://securitytracker.com/id/1017268
CVE Reference:   CVE-2006-6076   (Links to External Site)
Updated:  Mar 16 2007
Original Entry Date:  Nov 21 2006
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 11.5
Description:   A vulnerability was reported in BrightStor ARCserve. A remote user can execute arbitrary code on the target system.

The Tape Engine (tapeeng.exe) does not properly validate RPC requests received on TCP port 6502. A remote user can send specially crafted data to trigger a buffer overflow and execute arbitrary code on the target system. The code will run with System level privileges.

LSsec discovered this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system with System level privileges.
Solution:   The vendor has issued the following fixes, available at:

http://supportconnect.ca.com

BrightStor ARCserve Backup r11.5 - QO86255
BrightStor ARCserve Backup r11.1 - QO86258
BrightStor ARCserve Backup r11.0 - QI82917
BrightStor Enterprise Backup r10.5 - QO86259
BrightStor ARCserve Backup v9.01 - QO86260

The CA advisory is available at:

http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp

Vendor URL:  supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow

LS-20061113

LSsec has discovered a vulnerability in
Computer Associates BrightStor ARCserve
Backup v11.5, which could be exploited by
an anonymous attacker in order to execute
arbitrary code with SYSTEM privileges on
an affected system.

The flaw specifically exists within the
Tape Engine (tapeeng.exe) due to incorrect
handling of RPC requests on TCP port 6502.

For technical details please visit:

	http://www.lssec.com/charity.html

LSsecurity - LSsec.com

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC