SAINT Corporation
SAINT:62787F949E8B6DDA17BEBFCA495BA360
History: Nov 01, 2007 - 12:00 a.m.

BrightStor ARCserve Backup LGServer rxrLogin buffer overflow

2007-11-01 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.941 High
Percentile: 99.0%

Added: 11/01/2007
CVE: CVE-2007-5003
BID: 24348
OSVDB: 41353

Background

BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections.

Problem

A buffer overflow vulnerability in the rxrLogin function allows remote attackers to execute arbitrary commands by sending a specially crafted request to the LGServer on port 1900.

Resolution

Install one of the patches referenced in the security notice.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599>

Limitations

Exploit works on BrightStor ARCserve Backup for Laptops and Desktops 11.1 SP2.

Platforms

Windows 2000
Windows Server 2003
