SAINT Corporation (saint)
SAINT:53FCF127771E89CD8C76DA47C3BF6B4B
History: Dec 08, 2006 - 12:00 a.m.

BrightStor ARCserve Discovery service 9b command buffer overflow

2006-12-08 00:00:00
SAINT Corporation
download.saintcorporation.com
CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.912 High
Percentile: 98.6%

Added: 12/08/2006
CVE: CVE-2006-6379
BID: 21502
OSVDB: 30775

Background

The BrightStor ARCserve Backup server includes a discovery service which listens on ports 41523/TCP and 41524/UDP.

Problem

A buffer overflow vulnerability in the **ASBRDCST.DLL** library allows remote attackers to execute arbitrary commands by sending a specially crafted command of type 9b to the discovery service.

Resolution

Apply a fix from Computer Associates.

References

<http://supportconnectw.ca.com/public/storage/infodocs/babsecurity-notice.asp>

Limitations

Exploit works on BrightStor ARCserve Backup 11.1 SP2.

Platforms

Windows
