Lucene search
SAINT CorporationSAINT:99268F91F9C46E515744603668E929C1HistoryJan 24, 2007 - 12:00 a.m.
BrightStor ARCserve Message Engine opnum 0x75 buffer overflow
2007-01-2400:00:00
SAINT Corporation
download.saintcorporation.com
8
0.943 High
EPSS
Percentile
99.2%
Added: 01/24/2007
CVE: CVE-2007-0169
BID: 22005
OSVDB: 31318
Background
The BrightStor ARCserve Backup server runs the Message Engine RPC service on ports 6503/TCP and 6504/TCP by default.
Problem
A buffer overflow in BrightStor ARCserve Backup allows remote attackers to execute arbitrary commands by sending a specially crafted request with opnum 0x75 to the Message Engine RPC service.
Resolution
Apply the patch referenced in the Security Notice.
References
<http://www.zerodayinitiative.com/advisories/ZDI-07-003.html>
<http://www.kb.cert.org/vuls/id/180336>
Limitations
Exploit works on BrightStor ARCserve Backup r11.5 SP2.
Platforms
Windows 2000
Windows Server 2003
Related
securityvulns
securityvulns
saint
saint
BrightStor ARCserve Message Engine opnum 0x2f buffer overflow
2007-01-19 00:00:00
BrightStor ARCserve Backup Tape Engine opnum 0xCF buffer overflow
2007-02-09 00:00:00
BrightStor ARCserve Backup Tape Engine opnum 0xCF buffer overflow
2007-02-09 00:00:00
checkpoint_advisories
checkpoint_advisories
zdi
zdi
CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability
2007-01-11 00:00:00
CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability
2007-01-11 00:00:00
cve
cve
CVE-2007-0169
2007-01-11 22:28:00
packetstorm
packetstorm
CA BrightStor ARCserve Message Engine Buffer Overflow
2009-11-26 00:00:00
prion
prion
Buffer overflow
2007-01-11 22:28:00
cvelist
cvelist
CVE-2007-0169
2007-01-11 22:00:00
cert
cert
CA BrightStor ARCserve Backup Message Engine RPC buffer overflow
2007-01-12 00:00:00
CA BrightStor ARCserve Backup Tape Engine RPC buffer overflow
2007-01-12 00:00:00
nessus
nessus
CA BrightStor ARCserve Backup Multiple Vulnerabilities (QO84983)
2007-01-15 00:00:00