ISS X-Force Database: brightstor-enterprise-backup-bo(21656): Computer Associates (CA) BrightStor ARCserve Backup and Enterprise Backup buffer overflow

Computer Associates (CA) BrightStor ARCserve Backup and Enterprise Backup buffer overflow

brightstor-enterprise-backup-bo (21656)

High Risk

Description:

CA BrightStor ARCserve Backup is vulnerable to a stack-based buffer overflow caused by improper bounds checking of user-supplied input with data sent to port 6070. By sending a string containing more than 3168 bytes to port 6070, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM level privileges, or possibly cause a denial of service.

Consequences:

Gain Access

Remedy:

For BrightStor ARCserve Backup r11.1:
Apply the APAR Q071010 fix for this vulnerability, available from the Computer Associates SupportConnect Web page. See References.

For BrightStor ARCserve Backup r11.0:
Apply the APAR Q070769 fix for this vulnerability, available from the Computer Associates SupportConnect Web page. See References.

For BrightStor ARCserve Backup 9.01:
Apply the APAR Q070770 fix for this vulnerability, available from the Computer Associates SupportConnect Web page. See References.

For BrightStor Enterprise Backup 10.5:
Apply the APAR Q070774 fix for this vulnerability, available from the Computer Associates SupportConnect Web page. See References.

For BrightStor Enterprise Backup 10.0:
Apply the APAR Q070773 fix for this vulnerability, available from the Computer Associates SupportConnect Web page. See References.

References:

BrightStor ARCserve Backup Web page: BrightStor ARCserve Backup.
CA SupportConnect Web site: Fix: Q070770.
CA SupportConnect Web site: Fix: Q070773.
CA SupportConnect Web site: Fix: Q070774.
CA SupportConnect Web site: Fix: Q070769.
CA SupportConnect Web site: Fix: Q071010 QO70767.
CIAC Information Bulletin P-263: BrightStor ARCserve for MS SQL Server Buffer Overflow.
Computer Associates Vulnerability Information Center: Computer Associates BrightStor ARCserve Backup Agents buffer overflow vulnerability.
Full-Disclosure Mailing List, Tue Aug 02 2005 - 14:09:58 CDT: CAID 33239 - Computer Associates BrightStor ARCserve/Enterprise Backup Agents buffer overflow vulnerability.
iDEFENSE Security Advisory 08.02.05: CA BrightStor ARCserve Backup Agent for MS SQL Server Buffer Overflow.
BID-14453: Computer Associates BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability
CVE-2005-1272: Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050.
US-CERT VU#279774: Computer Associates BrightStor ARCserve Backup Agents vulnerable to buffer overflow

Platforms Affected:

CA BrightStor ARCserve Backup for Windows 11
CA BrightStor ARCserve Backup for Windows 11.1
CA BrightStor ARCserve Backup for Windows 9.01
CA BrightStor Enterprise Backup 10.0 Windows
CA BrightStor Enterprise Backup 10.5

Reported:

Aug 02, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page