Lucene search

SAINT CorporationSAINT:AFD0DC6204D54294BA0B227874738615

HistoryDec 08, 2006 - 12:00 a.m.

BrightStor ARCserve Discovery service 9b command buffer overflow

2006-12-0800:00:00

SAINT Corporation

my.saintcorporation.com

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.911 High

EPSS

Percentile

98.9%

JSON

Added: 12/08/2006
CVE: CVE-2006-6379
BID: 21502
OSVDB: 30775

Background

The BrightStor ARCserve Backup server includes a discovery service which listens on ports 41523/TCP and 41524/UDP.

Problem

A buffer overflow vulnerability in the **ASBRDCST.DLL** library allows remote attackers to execute arbitrary commands by sending a specially crafted command of type 9b to the discovery service.

Resolution

Apply a fix from Computer Associates.

References

<http://supportconnectw.ca.com/public/storage/infodocs/babsecurity-notice.asp>

Limitations

Exploit works on BrightStor ARCserve Backup 11.1 SP2.

Platforms

Windows

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.911 High

EPSS

Percentile

98.9%

JSON

Related for SAINT:AFD0DC6204D54294BA0B227874738615