Lucene search
SAINT CorporationSAINT:61E1FD9B2D4C924712BAA0399CB1ADA4HistoryJan 19, 2007 - 12:00 a.m.
BrightStor ARCserve Message Engine opnum 0x2f buffer overflow
2007-01-1900:00:00
SAINT Corporation
www.saintcorporation.com
11
0.934 High
EPSS
Percentile
98.8%
Added: 01/19/2007
CVE: CVE-2007-0169
BID: 22005
OSVDB: 31318
Background
The BrightStor ARCserve Backup server runs the Message Engine RPC service on ports 6503/TCP and 6504/TCP by default.
Problem
A buffer overflow in BrightStor ARCserve Backup allows remote attackers to execute arbitrary commands by sending a specially crafted request with opnum 0x2f to the Message Engine RPC service.
Resolution
Apply the patch referenced in the Security Notice.
References
<http://www.zerodayinitiative.com/advisories/ZDI-07-003.html>
<http://www.kb.cert.org/vuls/id/180336>
Limitations
Exploit works on BrightStor ARCserve Backup r11.5 SP2.
Platforms
Windows
Related
securityvulns
securityvulns
saint
saint
BrightStor ARCserve Backup Tape Engine opnum 0xCF buffer overflow
2007-02-09 00:00:00
BrightStor ARCserve Message Engine opnum 0x75 buffer overflow
2007-01-24 00:00:00
BrightStor ARCserve Message Engine opnum 0x2f buffer overflow
2007-01-19 00:00:00
zdi
zdi
CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability
2007-01-11 00:00:00
CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability
2007-01-11 00:00:00
cve
cve
CVE-2007-0169
2007-01-11 22:28:00
packetstorm
packetstorm
CA BrightStor ARCserve Message Engine Buffer Overflow
2009-11-26 00:00:00
checkpoint_advisories
checkpoint_advisories
prion
prion
Buffer overflow
2007-01-11 22:28:00
cert
cert
CA BrightStor ARCserve Backup Tape Engine RPC buffer overflow
2007-01-12 00:00:00
CA BrightStor ARCserve Backup Message Engine RPC buffer overflow
2007-01-12 00:00:00
nessus
nessus
CA BrightStor ARCserve Backup Multiple Vulnerabilities (QO84983)
2007-01-15 00:00:00