Added: 12/26/2006
CVE: CVE-2006-6076
BID: 21221
OSVDB: 30637
The BrightStor ARCserve Backup server includes a Backup Tape Engine feature which allows use of tape drives for storage.
A buffer overflow vulnerability in the RPC ReserveGroup function allows remote attackers to execute arbitrary commands with SYSTEM privileges by sending a malformed RPC request to port 6502/TCP.
Apply one of the updates referenced in the Security Notice.
<http://www.kb.cert.org/vuls/id/437300>
<http://secunia.com/advisories/23060>
Exploit works on BrightStor ARCserve Backup 11.5.
Windows