BrightStor ARCserve Backup LGServer directory traversal

2008-02-15T00:00:00
ID SAINT:8F0382B182471F8680F33F793D23AD3C
Type saint
Reporter SAINT Corporation
Modified 2008-02-15T00:00:00

Description

Added: 02/15/2008
CVE: CVE-2007-5005
BID: 24348
OSVDB: 41350

Background

BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections.

Problem

A directory traversal vulnerability in **rxRPC.dll**, in the **rxrReceiveFileFromServer** function, allows remote attackers to overwrite arbitrary files via a `..` (dot dot) sequence in the filename of a file transfer. Because the destination filename supplied over the network is used without validation, an attacker can write outside the intended directory and replace a file that the product later loads, leading to command execution.
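To show the class of bug the advisory describes, here is an added example written for this page: a file-receive helper that appends a peer-supplied filename to a staging directory without any check, beside a hardened version that lexically resolves the name and refuses anything that escapes the base directory. This is illustrative code, not CA's code, and it does not reproduce rxRPC.dll or rxrReceiveFileFromServer; the function names, the `C:\CA\Staging` base directory and the filenames used in `main` are assumptions made up for the demonstration.

```c
/* Added example for this page (not CA's code). Names and paths are
 * hypothetical; the check is purely lexical, so it needs no filesystem. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_SEGS 64

static bool is_sep(char c) { return c == '/' || c == '\\'; }

/* Vulnerable pattern: the name received from the peer is appended to
 * the staging directory as-is, so "..\..\target.dll" lands outside it. */
bool build_dest_unsafe(const char *base, const char *name,
                       char *out, size_t outsz)
{
    int n = snprintf(out, outsz, "%s\\%s", base, name);
    return n >= 0 && (size_t)n < outsz;
}

/* Hardened form: reject absolute, drive-qualified and UNC names,
 * resolve "." and ".." segment by segment, and refuse any name whose
 * ".." would climb above the base. Returns false and leaves out empty
 * when the name is rejected; on success out is base + normalized name. */
bool build_dest_safe(const char *base, const char *name,
                     char *out, size_t outsz)
{
    const char *segs[MAX_SEGS];
    size_t lens[MAX_SEGS];
    int depth = 0;

    if (outsz) out[0] = '\0';
    if (!name || !*name) return false;
    /* "\foo", "/foo", "\\server\share", "C:foo", "C:\foo" */
    if (is_sep(name[0]) || name[1] == ':') return false;

    const char *p = name;
    while (*p) {
        const char *start = p;
        while (*p && !is_sep(*p)) p++;
        size_t len = (size_t)(p - start);
        if (*p) p++;                          /* skip the separator */
        if (len == 0 || (len == 1 && start[0] == '.')) continue;
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0) return false;     /* would leave base */
            depth--;
            continue;
        }
        if (depth == MAX_SEGS) return false;
        segs[depth] = start;
        lens[depth] = len;
        depth++;
    }
    if (depth == 0) return false;             /* no file name left */

    size_t used = strlen(base);
    if (used + 1 > outsz) return false;
    memcpy(out, base, used);
    for (int i = 0; i < depth; i++) {
        /* separator + segment + terminating NUL must fit */
        if (used + 1 + lens[i] + 1 > outsz) { out[0] = '\0'; return false; }
        out[used++] = '\\';
        memcpy(out + used, segs[i], lens[i]);
        used += lens[i];
    }
    out[used] = '\0';
    return true;
}

int main(void)
{
    /* constructed inputs: a traversal name and a benign one */
    const char *base = "C:\\CA\\Staging";
    const char *evil = "..\\..\\Windows\\evil.dll";
    const char *good = "job1\\.\\data\\..\\file.bak";
    char buf[256];

    build_dest_unsafe(base, evil, buf, sizeof buf);
    printf("unsafe: %s\n", buf);
    printf("safe(evil) accepted: %d\n", build_dest_safe(base, evil, buf, sizeof buf));
    if (build_dest_safe(base, good, buf, sizeof buf))
        printf("safe(good): %s\n", buf);
    return 0;
}
```

The point of the hardened version is that containment is decided on the normalized path, not by searching the raw string for `..`: a filter that only looks for a literal `..\` is bypassed by mixed separators such as `../`, while resolving each segment and counting depth handles both and still allows harmless inner `..` segments like `data\..\file.bak`.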

Resolution

Apply the appropriate update referenced in the Security Notice.

References

<http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35676>
<http://secunia.com/advisories/25606>

Limitations

The exploit overwrites the file **licreg.dll**, which breaks any functions that use this DLL. The DLL would need to be restored, possibly by re-installing the software, in order to restore functionality. For this reason, this exploit does not run during automated penetration tests.

Exploit works on ARCserve Backup for Laptops and Desktops 11.1.

The exploit requires the String::CRC32 Perl module, which is available from CPAN (www.cpan.org).

Platforms

Windows