CA ARCserve Backup caloggerd opcode 79 buffer overflow

2008-05-30T00:00:00
ID SAINT:1A472EA31EE48DD9D86A04897A0BE4FE
Type saint
Reporter SAINT Corporation
Modified 2008-05-30T00:00:00

Description

Added: 05/30/2008
CVE: CVE-2008-2242
BID: 29283
OSVDB: 45368

Background

CA ARCserve Backup (formerly BrightStor ARCserve Backup) is a backup and recovery solution. The logger daemon (**caloggerd**) is an RPC service which handles event logs.

Problem

A buffer overflow vulnerability in **caloggerd** allows remote attackers to execute arbitrary commands by sending it a specially crafted request with opcode 79.

Resolution

Apply one of the patches referenced in the CA Security Notice.

References

<https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798>

Limitations

Exploit works on CA ARCserve Backup r11.1 SP2 with patch KB933729 (rpcrt4.dll version 5.2.3790.4115) on Windows, and CA ARCserve Backup r11.5 on Red Hat Enterprise Linux 4.

Platforms

Windows 2000
Windows Server 2003
Linux