BrightStor ARCserve LGServer buffer overflow

2007-02-02T00:00:00
ID SAINT:17867A60CC8CA6EA88789A5EEAB306FD
Type saint
Reporter SAINT Corporation
Modified 2007-02-02T00:00:00

Description

Added: 02/02/2007
CVE: CVE-2007-0449
BID: 22342
OSVDB: 31593

Background

BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections.

Problem

A buffer overflow vulnerability in BrightStor ARCserve Backup for Laptops and Desktops allows remote attackers to execute arbitrary commands by sending a long request to the **LGServer.exe** process.

Resolution

Install one of the fixes referenced in the Security Notice.

References

<http://www3.ca.com/securityadvisor/vulninfo/Vuln.aspx?ID=34993>
<http://www.securityfocus.com/archive/1/458648>

Limitations

Exploit works on BrightStor ARCserve Backup for Laptops and Desktops r11.1.

Platforms

Windows