BrightStor ARCserve Backup LGServer rxsUseLicenseIni buffer overflow

2008-01-11T00:00:00
ID SAINT:58F4061114E890C4F0819ADA685DFAB3
Type saint
Reporter SAINT Corporation
Modified 2008-01-11T00:00:00

Description

Added: 01/11/2008
CVE: CVE-2007-3216
BID: 24348
OSVDB: 35329

Background

BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections.

Problem

A buffer overflow vulnerability in the **rxsUseLicenseIni** function allows remote attackers to execute arbitrary commands by sending a specially crafted request to the LGServer on port 1900.

Resolution

Apply one of the updates referenced in the Security Notice.

References

<http://www.frsirt.com/english/advisories/2007/2121>

Limitations

Exploit works on BrightStor ARCserve Backup for Laptops and Desktops 11.1 SP1.

Platforms

Windows 2000
Windows Server 2003