OSVDB ID: 31318

Title: CA BrightStor ARCserve Backup ASCORE.dll (msgeng.exe) Multiple RPC Remote Overflow

Info

Disclosure

Oct 07, 2006

Discovery

Unknown

Dates

Exploit

Mar 15, 2007

Solution

Jan 11, 2007

Description

A buffer overflow exists in ARCserve Backup. The message engine fails to validate RPC requests on TCP ports 6503 and 6504 resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Private
Disclosure: Coordinated Disclosure

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, CA has released a patch to address this vulnerability.

Products

CA

BrightStor ARCserve Backup

r11.5

References

CVE ID: 2006-5143 (see also: NVD) 2007-0169 (see also: NVD)
Secunia Advisory ID: 23648
Metasploit ID: 31318
Keyword: dc246bf0-7a7a-11ce-9f88-00805fe43838 Opnum 43 Opnum 45 TCP Port 6503
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0088.html
http://archives.neohapsis.com/archives/bugtraq/2006-10/0093.html
http://archives.neohapsis.com/archives/bugtraq/2007-01/0340.html
http://archives.neohapsis.com/archives/vuln-dev/2007-q1/0011.html
http://archives.neohapsis.com/archives/vuln-dev/2007-q1/0021.html
Vendor Specific Advisory URL: http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp
Other Advisory URL: http://www.lssec.com/advisories/LS-20060313.pdf
http://www.lssec.com/advisories/LS-20060330.pdf
http://www.zerodayinitiative.com/advisories/ZDI-06-031.html
http://www.zerodayinitiative.com/advisories/ZDI-07-003.html
Generic Exploit URL: http://www.metasploit.com

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218