7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.911 High
EPSS
Percentile
98.8%
Added: 12/08/2006
CVE: CVE-2006-6379
BID: 21502
OSVDB: 30775
The BrightStor ARCserve Backup server includes a discovery service which listens on ports 41523/TCP and 41524/UDP.
A buffer overflow vulnerability in the **ASBRDCST.DLL**
library allows remote attackers to execute arbitrary commands by sending a specially crafted command of type 9b to the discovery service.
Apply a fix from Computer Associates.
<http://supportconnectw.ca.com/public/storage/infodocs/babsecurity-notice.asp>
Exploit works on BrightStor ARCserve Backup 11.1 SP2.
Windows