CA ARCserve Backup LGServer handshake buffer overflow

2008-08-11T00:00:00
ID: SAINT:5A3647F344BBCF98FC158C3C6E3AEA48
Type: saint
Reporter: SAINT Corporation
Modified: 2008-08-11T00:00:00

Description

Added: 08/11/2008
CVE: CVE-2008-3175
BID: 30472
OSVDB: 47545

Background

BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections.

Problem

A buffer overflow vulnerability in the **LGServer.exe** server process allows remote attackers to execute arbitrary commands by sending a specially crafted handshake response.

Resolution

Apply one of the fixes referenced in the CA Security Notice.

References

<http://www.securityfocus.com/archive/1/495020>

Limitations

The exploit works on CA ARCserve Backup for Laptops and Desktops r11.1 SP2 with patch QO91014.

Platforms

Windows