Lucene search

K
saintSAINT CorporationSAINT:6300D0BD9DD0A864B34E6D8E143AA914
HistoryDec 26, 2006 - 12:00 a.m.

BrightStor ARCserve Backup Tape Engine ReserveGroup buffer overflow

2006-12-2600:00:00
SAINT Corporation
www.saintcorporation.com
18

EPSS

0.353

Percentile

97.2%

Added: 12/26/2006
CVE: CVE-2006-6076
BID: 21221
OSVDB: 30637

Background

The BrightStor ARCserve Backup server includes a Backup Tape Engine feature which allows use of tape drives for storage.

Problem

A buffer overflow vulnerability in the RPC ReserveGroup function allows remote attackers to execute arbitrary commands with SYSTEM privileges by sending a malformed RPC request to port 6502/TCP.

Resolution

Apply one of the updates referenced in the Security Notice.

References

<http://www.kb.cert.org/vuls/id/437300&gt;
<http://secunia.com/advisories/23060&gt;

Limitations

Exploit works on BrightStor ARCserve Backup 11.5.

Platforms

Windows