CA ARCserve Backup Authentication service invalid virtual function call

2012-11-09T00:00:00
ID: SAINT:A2FF06DAD7CDE757144A752BECF629C1
Type: saint
Reporter: SAINT Corporation
Modified: 2012-11-09T00:00:00

Description

Added: 11/09/2012
CVE: CVE-2012-2971
BID: 56116
OSVDB: 86416

Background

CA ARCserve Backup (formerly BrightStor ARCserve Backup) is a backup and recovery solution.

Problem

An invalid virtual function call in the authentication service allows remote attackers to execute arbitrary commands.

Resolution

Apply one of the patches described in CA20121018-01.

References

<http://secunia.com/advisories/51012/>

Limitations

Exploit works on CA ARCserve Backup r16 on Windows Server 2003 SP2 English (DEP AlwaysOff).

Platforms

Windows