29533 : CA Multiple Products DBASVR.exe Multiple RPC Routine Remote Overflow
Printer | http://osvdb.org/29533 | Email This | Edit Vulnerability

Views This Week

6

Views All Time

177

Info

Last Modified

6 months ago

Percent Complete

5%

Disclosure

Oct 05, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

This Entry needs help! It is only 5% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Description

(Description Provided by CVE) : Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.

Classification

Attack Type: Input Manipulation

Products

Unknown or Incomplete

References

CVE ID: 2006-5143 (see also: NVD)
Secunia Advisory ID: 22285
Related OSVDB ID: 29534 29535
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0075.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0101.html
Other Advisory URL: http://livesploit.com/advisories/LS-20060330.pdf
http://www.tippingpoint.com/security/advisories/TSRT-06-11.html
Vendor Specific Advisory URL: http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp
Keyword: LS-20060330 TCP Port 6071

Tools & Filters

Snort	10030 10031 10032 10033 10034 10035 9441 9442 9443 9444 9445 9446
Nessus	22510 22511

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

User Status

Account
- Login
- Sign-Up

Quick Searches

Advertisements

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2008 Open Source Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use