ARCserve Backup for Laptops & Desktops Server Admin Service Detection
2007-01-26T00:00:00
ID ARCSERVE_LGSERVER_ADMIN_DETECT.NASL Type nessus Reporter Tenable Modified 2017-04-28T00:00:00
Description
BrightStor ARCserve Backup for Laptops & Desktops Server (formerly BrightStor Mobile Backup Server), an enterprise class backup solution for remote and mobile Windows-based PCs, is installed on the remote host. And the service listening on this port is used by the application's Server Explorer to administer ARCserve Backup for Laptops & Desktops Server remotely.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(24239);
script_version("$Revision: 1.12 $");
script_cvs_date("$Date: 2017/04/28 14:01:58 $");
script_name(english:"ARCserve Backup for Laptops & Desktops Server Admin Service Detection");
script_summary(english:"Detects ARCserve Backup for Laptops & Desktops via discovery");
script_set_attribute(attribute:"synopsis", value:
"There is a backup service running on the remote host.");
script_set_attribute(attribute:"description", value:
"BrightStor ARCserve Backup for Laptops & Desktops Server (formerly
BrightStor Mobile Backup Server), an enterprise class backup solution
for remote and mobile Windows-based PCs, is installed on the remote
host. And the service listening on this port is used by the
application's Server Explorer to administer ARCserve Backup for
Laptops & Desktops Server remotely.");
script_set_attribute(attribute:"see_also", value:"https://www.ca.com/us.html");
script_set_attribute(attribute:"solution", value:
"Limit incoming traffic to this port to hosts using Server Explorer.");
script_set_attribute(attribute:"risk_factor", value:"None");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/26");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Service detection");
script_copyright(english:"This script is Copyright (C) 2007-2017 Tenable Network Security, Inc.");
script_dependencies("find_service_3digits.nasl");
script_require_ports("Services/unknown", 1900);
exit(0);
}
include("byte_func.inc");
include("global_settings.inc");
include("misc_func.inc");
if (thorough_tests && !get_kb_item("global_settings/disable_service_discovery") )
{
port = get_unknown_svc(1900);
if (!port) exit(0);
}
else port = 1900;
if (known_service(port:port)) exit(0);
if (!get_tcp_port_state(port)) exit(0);
# Make sure the response to a HELP command looks right, unless we're being paranoid.
if (report_paranoia < 2)
{
help = get_kb_banner(port: port, type: "help");
if (!isnull(help) && "0~~[32049] unknown function:" >!< help) exit(0, "The response to a 'HELP' isn't from ARCserve.");
}
soc = open_sock_tcp(port);
if (!soc) exit(0);
# Send some requests to gather some info.
info = "";
cmds = make_list(
"rxrGetServerVersion",
"rxsGetComputerName",
"rxsGetDatabaseDir",
"rxsGetDefaultConfigName",
"rxsGetRootOrganization"
);
foreach cmd (cmds)
{
req = string(strlen(cmd));
req = string(crap(data:'0', length:10-strlen(req)), req, cmd);
send(socket:soc, data:req);
len = recv(socket:soc, length:10);
if (strlen(len) == 10 && int(len) > 0)
{
res = recv(socket:soc, length:int(len));
if (res == NULL) exit(0);
# If we got a valid response...
if (substr(res, 0, 2) == "1~~")
{
if (cmd == "rxrGetServerVersion")
{
ver = substr(res, 3);
info += " Version : " + ver + '\n';
set_kb_item(name:"ARCSERVE/LGServer/Version", value:ver);
}
else if (cmd == "rxsGetComputerName")
{
info += " Computer name : " + substr(res, 3) + '\n';
}
else if (cmd == "rxsGetDatabaseDir")
{
info += " Database directory : " + substr(res, 3) + '\n';
}
else if (cmd == "rxsGetDefaultConfigName")
{
info += " Default config : " + substr(res, 3) + '\n';
}
else if (cmd == "rxsGetRootOrganization")
{
info += " Root organization : " + substr(res, 3) + '\n';
}
}
}
}
# Register and report the service if we were able to collect some info.
if (info)
{
register_service(port:port, ipproto:"tcp", proto:"lgserver_admin");
report = string(
"Nessus was able to collect the following information from the\n",
"discovery service running on the remote host :\n",
"\n",
info
);
security_note(port:port, extra:report);
}
{"hash": "05381f5f25e968f1ff57b3d378522f433433c9933866d8c9a874397f08824821", "naslFamily": "Service detection", "id": "ARCSERVE_LGSERVER_ADMIN_DETECT.NASL", "lastseen": "2017-10-29T13:44:07", "viewCount": 1, "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "7b8d2114ec91311d854e21e2699d5b85", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "1bb47537453056daa0b118977b274ce5", "key": "description"}, {"hash": "d4e11433a2201240eb14f0a7089dc5e0", "key": "href"}, {"hash": "ba7ca754b44869dae389b89ab1086045", "key": "modified"}, {"hash": "a3d3c73c01505d0383b007174b5bb5ac", "key": "naslFamily"}, {"hash": "b83612231364b4cde46b9282b2d4d054", "key": "pluginID"}, {"hash": "77c9572deefee9b70523a0ad5cedd387", "key": "published"}, {"hash": "1fbde17c1c4321ae0d4342a8c0b317e1", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b2e727390cd5b0ef840f72b61476c1bc", "key": "sourceData"}, {"hash": "f53a8849b02aa61c7dc2438e3d32d14d", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "bulletinFamily": "scanner", "cpe": ["cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops"], "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 3, "enchantments": {"vulnersScore": 5.0}, "type": "nessus", "description": "BrightStor ARCserve Backup for Laptops & Desktops Server (formerly BrightStor Mobile Backup Server), an enterprise class backup solution for remote and mobile Windows-based PCs, is installed on the remote host. And the service listening on this port is used by the application's Server Explorer to administer ARCserve Backup for Laptops & Desktops Server remotely.", "title": "ARCserve Backup for Laptops & Desktops Server Admin Service Detection", "history": [{"bulletin": {"hash": "3f0706bea34e291b6a69efd836e36ff71c9e3827bec1aaebe65c2b464f3b62c9", "naslFamily": "Service detection", "edition": 2, "lastseen": "2017-04-28T18:46:37", "enchantments": {}, "hashmap": [{"hash": "ba7ca754b44869dae389b89ab1086045", "key": "modified"}, {"hash": "b83612231364b4cde46b9282b2d4d054", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d4e11433a2201240eb14f0a7089dc5e0", "key": "href"}, {"hash": "a3d3c73c01505d0383b007174b5bb5ac", "key": "naslFamily"}, {"hash": "1bb47537453056daa0b118977b274ce5", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "1fbde17c1c4321ae0d4342a8c0b317e1", "key": "references"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "77c9572deefee9b70523a0ad5cedd387", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f53a8849b02aa61c7dc2438e3d32d14d", "key": "title"}, {"hash": "b2e727390cd5b0ef840f72b61476c1bc", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "bulletinFamily": "scanner", "cpe": [], "history": [], "id": "ARCSERVE_LGSERVER_ADMIN_DETECT.NASL", "type": "nessus", "description": "BrightStor ARCserve Backup for Laptops & Desktops Server (formerly BrightStor Mobile Backup Server), an enterprise class backup solution for remote and mobile Windows-based PCs, is installed on the remote host. And the service listening on this port is used by the application's Server Explorer to administer ARCserve Backup for Laptops & Desktops Server remotely.", "viewCount": 1, "title": "ARCserve Backup for Laptops & Desktops Server Admin Service Detection", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.2", "cvelist": [], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24239);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2017/04/28 14:01:58 $\");\n\n script_name(english:\"ARCserve Backup for Laptops & Desktops Server Admin Service Detection\");\n script_summary(english:\"Detects ARCserve Backup for Laptops & Desktops via discovery\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"There is a backup service running on the remote host.\");\n script_set_attribute(attribute:\"description\", value:\n\"BrightStor ARCserve Backup for Laptops & Desktops Server (formerly\nBrightStor Mobile Backup Server), an enterprise class backup solution\nfor remote and mobile Windows-based PCs, is installed on the remote\nhost. And the service listening on this port is used by the\napplication's Server Explorer to administer ARCserve Backup for\nLaptops & Desktops Server remotely.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ca.com/us.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Limit incoming traffic to this port to hosts using Server Explorer.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Service detection\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service_3digits.nasl\");\n script_require_ports(\"Services/unknown\", 1900);\n\n exit(0);\n}\n\n\ninclude(\"byte_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (thorough_tests && !get_kb_item(\"global_settings/disable_service_discovery\") )\n{\n port = get_unknown_svc(1900);\n if (!port) exit(0);\n}\nelse port = 1900;\nif (known_service(port:port)) exit(0);\nif (!get_tcp_port_state(port)) exit(0);\n\n\n# Make sure the response to a HELP command looks right, unless we're being paranoid.\nif (report_paranoia < 2)\n{\n help = get_kb_banner(port: port, type: \"help\");\n if (!isnull(help) && \"0~~[32049] unknown function:\" >!< help) exit(0, \"The response to a 'HELP' isn't from ARCserve.\");\n}\n\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\n\n# Send some requests to gather some info.\ninfo = \"\";\ncmds = make_list(\n \"rxrGetServerVersion\", \n \"rxsGetComputerName\", \n \"rxsGetDatabaseDir\",\n \"rxsGetDefaultConfigName\", \n \"rxsGetRootOrganization\"\n);\nforeach cmd (cmds)\n{\n req = string(strlen(cmd));\n req = string(crap(data:'0', length:10-strlen(req)), req, cmd);\n send(socket:soc, data:req);\n\n len = recv(socket:soc, length:10);\n if (strlen(len) == 10 && int(len) > 0)\n {\n res = recv(socket:soc, length:int(len));\n if (res == NULL) exit(0);\n\n # If we got a valid response...\n if (substr(res, 0, 2) == \"1~~\")\n {\n if (cmd == \"rxrGetServerVersion\") \n {\n ver = substr(res, 3);\n info += \" Version : \" + ver + '\\n';\n set_kb_item(name:\"ARCSERVE/LGServer/Version\", value:ver);\n\n }\n else if (cmd == \"rxsGetComputerName\")\n {\n info += \" Computer name : \" + substr(res, 3) + '\\n';\n }\n else if (cmd == \"rxsGetDatabaseDir\")\n {\n info += \" Database directory : \" + substr(res, 3) + '\\n';\n }\n else if (cmd == \"rxsGetDefaultConfigName\")\n {\n info += \" Default config : \" + substr(res, 3) + '\\n';\n }\n else if (cmd == \"rxsGetRootOrganization\")\n {\n info += \" Root organization : \" + substr(res, 3) + '\\n';\n }\n }\n }\n}\n\n\n# Register and report the service if we were able to collect some info.\nif (info)\n{\n register_service(port:port, ipproto:\"tcp\", proto:\"lgserver_admin\");\n\n report = string(\n \"Nessus was able to collect the following information from the\\n\",\n \"discovery service running on the remote host :\\n\",\n \"\\n\",\n info\n );\n security_note(port:port, extra:report);\n}\n", "published": "2007-01-26T00:00:00", "pluginID": "24239", "references": ["https://www.ca.com/us.html"], "reporter": "Tenable", "modified": "2017-04-28T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=24239"}, "lastseen": "2017-04-28T18:46:37", "edition": 2, "differentElements": ["cpe"]}, {"bulletin": {"hash": "f452ffb723e7eace9656aa45ec166924840288e9d903fc748bbfd28ca37f3f2d", "naslFamily": "Service detection", "edition": 1, "lastseen": "2016-09-26T17:26:15", "viewCount": 0, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "253070b2147836c5b000d6f0e62c8663", "key": "modified"}, {"hash": "b83612231364b4cde46b9282b2d4d054", "key": "pluginID"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d4e11433a2201240eb14f0a7089dc5e0", "key": "href"}, {"hash": "a3d3c73c01505d0383b007174b5bb5ac", "key": "naslFamily"}, {"hash": "1bb47537453056daa0b118977b274ce5", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "77c9572deefee9b70523a0ad5cedd387", "key": "published"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f53a8849b02aa61c7dc2438e3d32d14d", "key": "title"}, {"hash": "2546397871454582ec175171fdce00a0", "key": "sourceData"}, {"hash": "87526fc33e5ce8ef74bd05bd2dc4f52b", "key": "references"}], "bulletinFamily": "exploit", "history": [], "id": "ARCSERVE_LGSERVER_ADMIN_DETECT.NASL", "type": "nessus", "description": "BrightStor ARCserve Backup for Laptops & Desktops Server (formerly BrightStor Mobile Backup Server), an enterprise class backup solution for remote and mobile Windows-based PCs, is installed on the remote host. And the service listening on this port is used by the application's Server Explorer to administer ARCserve Backup for Laptops & Desktops Server remotely.", "title": "ARCserve Backup for Laptops & Desktops Server Admin Service Detection", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.2", "cvelist": [], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24239);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2011/10/21 01:22:51 $\");\n\n script_name(english:\"ARCserve Backup for Laptops & Desktops Server Admin Service Detection\");\n script_summary(english:\"Detects ARCserve Backup for Laptops & Desktops via discovery\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"There is a backup service running on the remote host.\");\n script_set_attribute(attribute:\"description\", value:\n\"BrightStor ARCserve Backup for Laptops & Desktops Server (formerly\nBrightStor Mobile Backup Server), an enterprise class backup solution\nfor remote and mobile Windows-based PCs, is installed on the remote\nhost. And the service listening on this port is used by the\napplication's Server Explorer to administer ARCserve Backup for\nLaptops & Desktops Server remotely.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www3.ca.com/smb/product.aspx?id=5286\");\n script_set_attribute(attribute:\"solution\", value:\n\"Limit incoming traffic to this port to hosts using Server Explorer.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Service detection\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2011 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service_3digits.nasl\");\n script_require_ports(\"Services/unknown\", 1900);\n\n exit(0);\n}\n\n\ninclude(\"byte_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (thorough_tests && !get_kb_item(\"global_settings/disable_service_discovery\") )\n{\n port = get_unknown_svc(1900);\n if (!port) exit(0);\n}\nelse port = 1900;\nif (known_service(port:port)) exit(0);\nif (!get_tcp_port_state(port)) exit(0);\n\n\n# Make sure the response to a HELP command looks right, unless we're being paranoid.\nif (report_paranoia < 2)\n{\n help = get_kb_banner(port: port, type: \"help\");\n if (!isnull(help) && \"0~~[32049] unknown function:\" >!< help) exit(0, \"The response to a 'HELP' isn't from ARCserve.\");\n}\n\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\n\n# Send some requests to gather some info.\ninfo = \"\";\ncmds = make_list(\n \"rxrGetServerVersion\", \n \"rxsGetComputerName\", \n \"rxsGetDatabaseDir\",\n \"rxsGetDefaultConfigName\", \n \"rxsGetRootOrganization\"\n);\nforeach cmd (cmds)\n{\n req = string(strlen(cmd));\n req = string(crap(data:'0', length:10-strlen(req)), req, cmd);\n send(socket:soc, data:req);\n\n len = recv(socket:soc, length:10);\n if (strlen(len) == 10 && int(len) > 0)\n {\n res = recv(socket:soc, length:int(len));\n if (res == NULL) exit(0);\n\n # If we got a valid response...\n if (substr(res, 0, 2) == \"1~~\")\n {\n if (cmd == \"rxrGetServerVersion\") \n {\n ver = substr(res, 3);\n info += \" Version : \" + ver + '\\n';\n set_kb_item(name:\"ARCSERVE/LGServer/Version\", value:ver);\n\n }\n else if (cmd == \"rxsGetComputerName\")\n {\n info += \" Computer name : \" + substr(res, 3) + '\\n';\n }\n else if (cmd == \"rxsGetDatabaseDir\")\n {\n info += \" Database directory : \" + substr(res, 3) + '\\n';\n }\n else if (cmd == \"rxsGetDefaultConfigName\")\n {\n info += \" Default config : \" + substr(res, 3) + '\\n';\n }\n else if (cmd == \"rxsGetRootOrganization\")\n {\n info += \" Root organization : \" + substr(res, 3) + '\\n';\n }\n }\n }\n}\n\n\n# Register and report the service if we were able to collect some info.\nif (info)\n{\n register_service(port:port, ipproto:\"tcp\", proto:\"lgserver_admin\");\n\n report = string(\n \"Nessus was able to collect the following information from the\\n\",\n \"discovery service running on the remote host :\\n\",\n \"\\n\",\n info\n );\n security_note(port:port, extra:report);\n}\n", "published": "2007-01-26T00:00:00", "pluginID": "24239", "references": ["http://www3.ca.com/smb/product.aspx?id=5286"], "reporter": "Tenable", "modified": "2011-10-21T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=24239"}, "lastseen": "2016-09-26T17:26:15", "edition": 1, "differentElements": ["references", "modified", "sourceData"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24239);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2017/04/28 14:01:58 $\");\n\n script_name(english:\"ARCserve Backup for Laptops & Desktops Server Admin Service Detection\");\n script_summary(english:\"Detects ARCserve Backup for Laptops & Desktops via discovery\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"There is a backup service running on the remote host.\");\n script_set_attribute(attribute:\"description\", value:\n\"BrightStor ARCserve Backup for Laptops & Desktops Server (formerly\nBrightStor Mobile Backup Server), an enterprise class backup solution\nfor remote and mobile Windows-based PCs, is installed on the remote\nhost. And the service listening on this port is used by the\napplication's Server Explorer to administer ARCserve Backup for\nLaptops & Desktops Server remotely.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ca.com/us.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Limit incoming traffic to this port to hosts using Server Explorer.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Service detection\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service_3digits.nasl\");\n script_require_ports(\"Services/unknown\", 1900);\n\n exit(0);\n}\n\n\ninclude(\"byte_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (thorough_tests && !get_kb_item(\"global_settings/disable_service_discovery\") )\n{\n port = get_unknown_svc(1900);\n if (!port) exit(0);\n}\nelse port = 1900;\nif (known_service(port:port)) exit(0);\nif (!get_tcp_port_state(port)) exit(0);\n\n\n# Make sure the response to a HELP command looks right, unless we're being paranoid.\nif (report_paranoia < 2)\n{\n help = get_kb_banner(port: port, type: \"help\");\n if (!isnull(help) && \"0~~[32049] unknown function:\" >!< help) exit(0, \"The response to a 'HELP' isn't from ARCserve.\");\n}\n\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\n\n# Send some requests to gather some info.\ninfo = \"\";\ncmds = make_list(\n \"rxrGetServerVersion\", \n \"rxsGetComputerName\", \n \"rxsGetDatabaseDir\",\n \"rxsGetDefaultConfigName\", \n \"rxsGetRootOrganization\"\n);\nforeach cmd (cmds)\n{\n req = string(strlen(cmd));\n req = string(crap(data:'0', length:10-strlen(req)), req, cmd);\n send(socket:soc, data:req);\n\n len = recv(socket:soc, length:10);\n if (strlen(len) == 10 && int(len) > 0)\n {\n res = recv(socket:soc, length:int(len));\n if (res == NULL) exit(0);\n\n # If we got a valid response...\n if (substr(res, 0, 2) == \"1~~\")\n {\n if (cmd == \"rxrGetServerVersion\") \n {\n ver = substr(res, 3);\n info += \" Version : \" + ver + '\\n';\n set_kb_item(name:\"ARCSERVE/LGServer/Version\", value:ver);\n\n }\n else if (cmd == \"rxsGetComputerName\")\n {\n info += \" Computer name : \" + substr(res, 3) + '\\n';\n }\n else if (cmd == \"rxsGetDatabaseDir\")\n {\n info += \" Database directory : \" + substr(res, 3) + '\\n';\n }\n else if (cmd == \"rxsGetDefaultConfigName\")\n {\n info += \" Default config : \" + substr(res, 3) + '\\n';\n }\n else if (cmd == \"rxsGetRootOrganization\")\n {\n info += \" Root organization : \" + substr(res, 3) + '\\n';\n }\n }\n }\n}\n\n\n# Register and report the service if we were able to collect some info.\nif (info)\n{\n register_service(port:port, ipproto:\"tcp\", proto:\"lgserver_admin\");\n\n report = string(\n \"Nessus was able to collect the following information from the\\n\",\n \"discovery service running on the remote host :\\n\",\n \"\\n\",\n info\n );\n security_note(port:port, extra:report);\n}\n", "published": "2007-01-26T00:00:00", "pluginID": "24239", "references": ["https://www.ca.com/us.html"], "reporter": "Tenable", "modified": "2017-04-28T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=24239"}
{"result": {"nessus": [{"lastseen": "2017-10-29T13:40:30", "references": ["http://seclists.org/bugtraq/2007/Jan/682", "http://seclists.org/bugtraq/2007/Jan/683", "http://www.nessus.org/u?a4ee8257", "http://seclists.org/bugtraq/2007/Jan/685", "http://seclists.org/bugtraq/2007/Jan/686"], "pluginID": "24240", "description": "According to its version, the installation of BrightStor ARCserve Backup for Laptops & Desktops Server on the remote host is affected by multiple buffer overflows and denial of service vulnerabilities that can be exploited by a remote attacker to execute arbitrary code on the affected host with LOCAL SYSTEM privileges or to crash the associated services.", "edition": 4, "reporter": "Tenable", "published": "2007-01-26T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "nessus", "title": "CA BrightStor ARCserve Backup for Laptops & Desktops Server Multiple Vulnerabilities (QO83833)", "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0449", "CVE-2007-0672", "CVE-2007-0673"], "cpe": ["cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops"], "modified": "2017-04-28T00:00:00", "id": "ARCSERVE_QO83833.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=24240", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24240);\n script_version(\"$Revision: 1.18 $\");\n script_cvs_date(\"$Date: 2017/04/28 14:01:58 $\");\n\n script_cve_id(\"CVE-2007-0449\", \"CVE-2007-0672\", \"CVE-2007-0673\");\n script_bugtraq_id(22199, 22337, 22339, 22340, 22342);\n script_osvdb_id(31593, 32948, 32949);\n\n script_name(english:\"CA BrightStor ARCserve Backup for Laptops & Desktops Server Multiple Vulnerabilities (QO83833)\");\n script_summary(english:\"Checks version of BrightStor ARCserve Backup for Laptops & Desktops Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote backup server software is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of BrightStor ARCserve\nBackup for Laptops & Desktops Server on the remote host is affected by\nmultiple buffer overflows and denial of service vulnerabilities that\ncan be exploited by a remote attacker to execute arbitrary code on the\naffected host with LOCAL SYSTEM privileges or to crash the associated\nservices.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2007/Jan/682\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2007/Jan/683\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2007/Jan/685\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2007/Jan/686\");\n # https://web.archive.org/web/20070206063608/http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a4ee8257\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch as described in the vendor advisory\nreferenced above.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CA BrightStor ARCserve for Laptops and Desktops LGServer Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\nscript_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/01/23\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/01/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2007-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"arcserve_lgserver_admin_detect.nasl\");\n script_require_keys(\"ARCSERVE/LGServer/Version\");\n\n exit(0);\n}\n\n\nver = get_kb_item(\"ARCSERVE/LGServer/Version\");\nif (isnull(ver)) exit(0);\n\n\nmatches = eregmatch(string:ver, pattern:\"^([0-9]+\\.[0-9]+)\\.([0-9]+)$\");\nif (!isnull(matches))\n{\n ver = matches[1];\n build = int(matches[2]);\n\n if (\n (ver == \"11.1\" && build < 900) ||\n # nb: QI85497 says there's no patch for 11.0; the solution is to \n # upgrade to 11.1 and then apply BABLD r11.1 SP2.\n (ver == \"11.0\") ||\n # nb: QO85402 doesn't exist.\n (ver == \"4.0\")\n )\n {\n # Issue a report for each open port used by the server.\n port = get_kb_item(\"Services/lgserver\");\n if (port && get_tcp_port_state(port)) security_hole(port);\n\n port = get_kb_item(\"Services/lgserver_admin\");\n if (port && get_tcp_port_state(port)) security_hole(port);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}}
