ARCserve Backup for Laptops & Desktops Server Admin Service Detection
2007-01-26T00:00:00
ID ARCSERVE_LGSERVER_ADMIN_DETECT.NASL Type nessus Reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-01-02T00:00:00
Description
BrightStor ARCserve Backup for Laptops & Desktops Server (formerly
BrightStor Mobile Backup Server), an enterprise class backup solution
for remote and mobile Windows-based PCs, is installed on the remote
host. The service listening on this port is used by the
application's Server Explorer to administer ARCserve Backup for
Laptops & Desktops Server remotely.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Registration phase: when `description` is set, the script only declares its
# metadata and exits (see the exit(0) at the end of this block), so none of
# the probing code further down runs.
if (description)
{
  script_id(24239);
  script_version("1.13");
  script_cvs_date("Date: 2019/11/22");

  script_name(english:"ARCserve Backup for Laptops & Desktops Server Admin Service Detection");
  # NOTE(review): the summary says "via discovery" while the plugin name and
  # description refer to the admin service - possibly carried over from a
  # sibling plugin; confirm.
  script_summary(english:"Detects ARCserve Backup for Laptops & Desktops via discovery");

  script_set_attribute(attribute:"synopsis", value:
"There is a backup service running on the remote host.");
  script_set_attribute(attribute:"description", value:
"BrightStor ARCserve Backup for Laptops & Desktops Server (formerly
BrightStor Mobile Backup Server), an enterprise class backup solution
for remote and mobile Windows-based PCs, is installed on the remote
host. And the service listening on this port is used by the
application's Server Explorer to administer ARCserve Backup for
Laptops & Desktops Server remotely.");
  script_set_attribute(attribute:"see_also", value:"https://www.ca.com/us.html");
  # The only remediation offered is network-level: restrict who can reach the
  # administration port.
  script_set_attribute(attribute:"solution", value:
"Limit incoming traffic to this port to hosts using Server Explorer.");
  # Informational finding: the plugin reports presence of the service, not a
  # vulnerability.
  script_set_attribute(attribute:"risk_factor", value:"None");

  script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/26");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops");
  script_set_attribute(attribute:"asset_inventory", value:"True");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Service detection");

  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Declared prerequisites: find_service_3digits.nasl must run first, and the
  # plugin needs either an unidentified service or port 1900.
  # presumably find_service_3digits.nasl is what stores the "help" banner
  # read later via get_kb_banner() - verify against that plugin.
  script_dependencies("find_service_3digits.nasl");
  script_require_ports("Services/unknown", 1900);

  exit(0);
}
include("byte_func.inc");
include("global_settings.inc");
include("misc_func.inc");
# Pick the port to probe: 1900 unless thorough tests are enabled and service
# discovery has not been disabled, in which case the port comes from
# get_unknown_svc(1900).
port = 1900;
if (thorough_tests && !get_kb_item("global_settings/disable_service_discovery"))
{
  port = get_unknown_svc(1900);
  if (!port) exit(0);
}

# Stop if the port is already attributed to a known service or is not open.
if (known_service(port:port) || !get_tcp_port_state(port)) exit(0);
# Sanity-check the stored reply to a HELP probe before talking to the service.
# The check is skipped when report_paranoia is 2 or higher, and it passes when
# no HELP banner is available at all.
if (report_paranoia < 2)
{
  help = get_kb_banner(port:port, type:"help");
  if (!isnull(help))
  {
    # The expected error text must appear in the banner; otherwise bail out.
    if ("0~~[32049] unknown function:" >!< help)
      exit(0, "The response to a 'HELP' isn't from ARCserve.");
  }
}
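# Connect to the candidate admin service; without a socket there is nothing
# to query.
soc = open_sock_tcp(port);
if (!soc) exit(0);

# Upper bound on a response body this plugin will read. The length header is
# supplied by the remote peer, so it is untrusted: a non-ARCserve or hostile
# listener could otherwise make the scanner attempt an arbitrarily large read.
# The queried values (version, host name, directory, config and organization
# names) are short strings, so 4096 is assumed to be ample - raise it if a
# deployment legitimately returns more.
max_res_len = 4096;

# Send some requests to gather some info.
info = "";
cmds = make_list(
  "rxrGetServerVersion",
  "rxsGetComputerName",
  "rxsGetDatabaseDir",
  "rxsGetDefaultConfigName",
  "rxsGetRootOrganization"
);
foreach cmd (cmds)
{
  # Request framing: the command length as a decimal number left-padded with
  # '0' to 10 characters, followed by the command name itself.
  req = string(strlen(cmd));
  req = string(crap(data:'0', length:10-strlen(req)), req, cmd);
  send(socket:soc, data:req);

  # The reply starts with a 10-character length header.
  len = recv(socket:soc, length:10);
  if (strlen(len) == 10 && int(len) > 0)
  {
    res_len = int(len);

    # An oversized length cannot be skipped without reading the body, so the
    # stream can no longer be kept in sync: stop querying and keep whatever
    # was collected so far.
    if (res_len > max_res_len) break;

    res = recv(socket:soc, length:res_len);
    if (res == NULL)
    {
      close(soc);
      exit(0);
    }

    # If we got a valid response...
    if (substr(res, 0, 2) == "1~~")
    {
      if (cmd == "rxrGetServerVersion")
      {
        # The version string is taken verbatim from the remote reply and
        # stored in the KB; ARCSERVE_QO83833.NASL reads this key and matches
        # it against an anchored pattern before using it.
        ver = substr(res, 3);
        info += " Version : " + ver + '\n';
        set_kb_item(name:"ARCSERVE/LGServer/Version", value:ver);
      }
      else if (cmd == "rxsGetComputerName")
      {
        info += " Computer name : " + substr(res, 3) + '\n';
      }
      else if (cmd == "rxsGetDatabaseDir")
      {
        info += " Database directory : " + substr(res, 3) + '\n';
      }
      else if (cmd == "rxsGetDefaultConfigName")
      {
        info += " Default config : " + substr(res, 3) + '\n';
      }
      else if (cmd == "rxsGetRootOrganization")
      {
        info += " Root organization : " + substr(res, 3) + '\n';
      }
    }
  }
}

# The socket is not used after this point; release it explicitly instead of
# relying on cleanup at script exit.
close(soc);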
# Register and report the service if we were able to collect some info.
# `info` is only appended to when a command returned a reply starting with
# "1~~", so an empty value means no command was answered in that form.
if (info)
{
  # Record the port under the "lgserver_admin" service name.
  # presumably this is what populates the Services/lgserver_admin KB entry
  # that ARCSERVE_QO83833.NASL reads - register_service() is defined in an
  # include, so verify there.
  register_service(port:port, ipproto:"tcp", proto:"lgserver_admin");

  # NOTE(review): the text below says "discovery service" although this
  # plugin registers and describes the admin service - looks carried over;
  # confirm before changing, since it is scanner output.
  # `info` contains strings returned by the remote host verbatim (host name,
  # database directory, organization), so report consumers should treat them
  # as untrusted, environment-revealing data.
  report = string(
    "Nessus was able to collect the following information from the\n",
    "discovery service running on the remote host :\n",
    "\n",
    info
  );
  security_note(port:port, extra:report);
}
{"id": "ARCSERVE_LGSERVER_ADMIN_DETECT.NASL", "bulletinFamily": "scanner", "title": "ARCserve Backup for Laptops & Desktops Server Admin Service Detection", "description": "BrightStor ARCserve Backup for Laptops & Desktops Server (formerly\nBrightStor Mobile Backup Server), an enterprise class backup solution\nfor remote and mobile Windows-based PCs, is installed on the remote\nhost. And the service listening on this port is used by the\napplication's Server Explorer to administer ARCserve Backup for\nLaptops & Desktops Server remotely.", "published": "2007-01-26T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/nessus/24239", "reporter": "This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.ca.com/us.html"], "cvelist": [], "type": "nessus", "lastseen": "2021-01-01T01:21:36", "edition": 23, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["ARCSERVE_QO83833.NASL"]}], "modified": "2021-01-01T01:21:36", "rev": 2}, "score": {"value": 0.2, "vector": "NONE", "modified": "2021-01-01T01:21:36", "rev": 2}, "vulnersScore": 0.2}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24239);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_name(english:\"ARCserve Backup for Laptops & Desktops Server Admin Service Detection\");\n script_summary(english:\"Detects ARCserve Backup for Laptops & Desktops via discovery\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"There is a backup service running on the remote host.\");\n script_set_attribute(attribute:\"description\", value:\n\"BrightStor ARCserve Backup for Laptops & Desktops Server (formerly\nBrightStor Mobile Backup Server), an enterprise class backup solution\nfor remote and mobile Windows-based PCs, is installed on the 
remote\nhost. And the service listening on this port is used by the\napplication's Server Explorer to administer ARCserve Backup for\nLaptops & Desktops Server remotely.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ca.com/us.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Limit incoming traffic to this port to hosts using Server Explorer.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops\");\n script_set_attribute(attribute:\"asset_inventory\", value:\"True\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Service detection\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"find_service_3digits.nasl\");\n script_require_ports(\"Services/unknown\", 1900);\n\n exit(0);\n}\n\n\ninclude(\"byte_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (thorough_tests && !get_kb_item(\"global_settings/disable_service_discovery\") )\n{\n port = get_unknown_svc(1900);\n if (!port) exit(0);\n}\nelse port = 1900;\nif (known_service(port:port)) exit(0);\nif (!get_tcp_port_state(port)) exit(0);\n\n\n# Make sure the response to a HELP command looks right, unless we're being paranoid.\nif (report_paranoia < 2)\n{\n help = get_kb_banner(port: port, type: \"help\");\n if (!isnull(help) && \"0~~[32049] unknown function:\" >!< help) exit(0, \"The response to a 'HELP' isn't from ARCserve.\");\n}\n\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\n\n# Send some requests to gather some info.\ninfo = \"\";\ncmds = make_list(\n \"rxrGetServerVersion\", \n \"rxsGetComputerName\", \n \"rxsGetDatabaseDir\",\n \"rxsGetDefaultConfigName\", \n \"rxsGetRootOrganization\"\n);\nforeach cmd (cmds)\n{\n req = string(strlen(cmd));\n req = string(crap(data:'0', length:10-strlen(req)), req, cmd);\n send(socket:soc, data:req);\n\n len = recv(socket:soc, length:10);\n if (strlen(len) == 10 && int(len) > 0)\n {\n res = recv(socket:soc, length:int(len));\n if (res == NULL) exit(0);\n\n # If we got a valid response...\n if (substr(res, 0, 2) == \"1~~\")\n {\n if (cmd == \"rxrGetServerVersion\") \n {\n ver = substr(res, 3);\n info += \" Version : \" + ver + '\\n';\n set_kb_item(name:\"ARCSERVE/LGServer/Version\", value:ver);\n\n }\n else if (cmd == \"rxsGetComputerName\")\n {\n info += \" Computer name : \" + substr(res, 3) + '\\n';\n }\n else if (cmd == \"rxsGetDatabaseDir\")\n {\n info += \" Database directory : \" + substr(res, 3) + '\\n';\n }\n else if (cmd == \"rxsGetDefaultConfigName\")\n {\n info += \" Default config : \" + substr(res, 3) + '\\n';\n }\n else if (cmd == 
\"rxsGetRootOrganization\")\n {\n info += \" Root organization : \" + substr(res, 3) + '\\n';\n }\n }\n }\n}\n\n\n# Register and report the service if we were able to collect some info.\nif (info)\n{\n register_service(port:port, ipproto:\"tcp\", proto:\"lgserver_admin\");\n\n report = string(\n \"Nessus was able to collect the following information from the\\n\",\n \"discovery service running on the remote host :\\n\",\n \"\\n\",\n info\n );\n security_note(port:port, extra:report);\n}\n", "naslFamily": "Service detection", "pluginID": "24239", "cpe": ["cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops"], "scheme": null}
{"nessus": [{"lastseen": "2021-01-01T01:21:36", "description": "According to its version, the installation of BrightStor ARCserve\nBackup for Laptops & Desktops Server on the remote host is affected by\nmultiple buffer overflows and denial of service vulnerabilities that\ncan be exploited by a remote attacker to execute arbitrary code on the\naffected host with LOCAL SYSTEM privileges or to crash the associated\nservices.", "edition": 26, "published": "2007-01-26T00:00:00", "title": "CA BrightStor ARCserve Backup for Laptops & Desktops Server Multiple Vulnerabilities (QO83833)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0449", "CVE-2007-0672", "CVE-2007-0673"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops"], "id": "ARCSERVE_QO83833.NASL", "href": "https://www.tenable.com/plugins/nessus/24240", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24240);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/11/15 20:50:26\");\n\n script_cve_id(\"CVE-2007-0449\", \"CVE-2007-0672\", \"CVE-2007-0673\");\n script_bugtraq_id(22199, 22337, 22339, 22340, 22342);\n\n script_name(english:\"CA BrightStor ARCserve Backup for Laptops & Desktops Server Multiple Vulnerabilities (QO83833)\");\n script_summary(english:\"Checks version of BrightStor ARCserve Backup for Laptops & Desktops Server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote backup server software is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of BrightStor ARCserve\nBackup for Laptops & Desktops Server on the remote host is affected by\nmultiple buffer overflows and denial of service vulnerabilities that\ncan be exploited by a remote attacker to execute arbitrary code on the\naffected host with LOCAL SYSTEM privileges or to crash the 
associated\nservices.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2007/Jan/682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2007/Jan/683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2007/Jan/685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2007/Jan/686\");\n # https://web.archive.org/web/20070206063608/http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a4ee8257\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch as described in the vendor advisory\nreferenced above.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'CA BrightStor ARCserve for Laptops and Desktops LGServer Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\nscript_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/01/23\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/01/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n 
script_dependencies(\"arcserve_lgserver_admin_detect.nasl\");\n script_require_keys(\"ARCSERVE/LGServer/Version\");\n\n exit(0);\n}\n\n\nver = get_kb_item(\"ARCSERVE/LGServer/Version\");\nif (isnull(ver)) exit(0);\n\n\nmatches = eregmatch(string:ver, pattern:\"^([0-9]+\\.[0-9]+)\\.([0-9]+)$\");\nif (!isnull(matches))\n{\n ver = matches[1];\n build = int(matches[2]);\n\n if (\n (ver == \"11.1\" && build < 900) ||\n # nb: QI85497 says there's no patch for 11.0; the solution is to \n # upgrade to 11.1 and then apply BABLD r11.1 SP2.\n (ver == \"11.0\") ||\n # nb: QO85402 doesn't exist.\n (ver == \"4.0\")\n )\n {\n # Issue a report for each open port used by the server.\n port = get_kb_item(\"Services/lgserver\");\n if (port && get_tcp_port_state(port)) security_hole(port);\n\n port = get_kb_item(\"Services/lgserver_admin\");\n if (port && get_tcp_port_state(port)) security_hole(port);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}