OSVDB ID: 35329

Title: CA BrightStor ARCserve Backup for Laptops & Desktops Multiple Overflows

Info

Dates

Disclosure: Sep 20, 2007
Discovery: Unknown
Exploit: Unknown
Solution: Sep 20, 2007

Description

Multiple buffer overflows exist in ARCserve Backup for Laptops & Desktops. The LGServer fails to validate data passed to multiple parameters, resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: Coordinated Disclosure

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, CA has released a patch to address this vulnerability.

Products

CA

ARCserve Backup for Laptops and Desktops

11.1 SP2
11.2 SP2
11.1
11.0
11.5
4.0

Desktop Management Suite

11.1
11.0
11.2

Protection Suites

r2

References

Credit

  • Sean Larsson - Verisign iDefense Labs


Direct URL: http://osvdb.org/36218