Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:E87B73E4B52E8764D5697EB741B2B060
HistoryAug 07, 2006 - 12:00 a.m.

BrightStor ARCserve Universal Agent buffer overflow

2006-08-0700:00:00
SAINT Corporation
my.saintcorporation.com
20

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.965

Percentile

99.6%

JSON

Added: 08/07/2006
CVE: CVE-2005-1018
BID: 13102
OSVDB: 15471

Background

The BrightStor ARCserve Backup family of products includes a Universal Agent which listens for connections on port 6050/TCP.

Problem

A buffer overflow in the Universal Agent allows remote attackers to execute arbitrary commands by sending a specially crafted argument before the option field.

Resolution

Apply one of the patches referenced in the iDEFENSE advisory.

References

<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=232&gt;

Limitations

Exploit works on BrightStor ARCserve Backup 11.1 on Windows 2000 SP4. The vulnerable component, Universal Agent, is contained in the BrightStor ARCserve Backup Client package. Due to the nature of the vulnerability, the success of the exploit depends upon the state of the system at the time the exploit is attempted.

Platforms

Windows

Related

metasploit 1
cvelist 1
cve 1
nessus 1
securityvulns 2
saint 3
nvd 1
checkpoint_advisories 1
packetstorm 1
exploitdb 1
metasploit
metasploit
CA BrightStor Universal Agent Overflow
2005-12-05 04:57:41
cvelist
cvelist
CVE-2005-1018
2005-04-12 04:00:00
cve
cve
CVE-2005-1018
2005-05-02 04:00:00
nessus
nessus
CA BrightStor ARCserve Backup Universal Agent Remote Overflow (QO66526)
2005-04-13 00:00:00
securityvulns
securityvulns
Computer Associates BrightStor ARCserve Backup and BrightStor Enterprise Backup UniversalAgent buffer overflow vulnerability
2005-04-15 00:00:00
iDEFENSE Security Advisory 04.11.05: Computer Associates BrightStor ARCserve Backup UniversalAgent Buffer Overflow
2005-04-12 00:00:00
saint
saint
BrightStor ARCserve Universal Agent buffer overflow
2006-08-07 00:00:00
BrightStor ARCserve Universal Agent buffer overflow
2006-08-07 00:00:00
BrightStor ARCserve Universal Agent buffer overflow
2006-08-07 00:00:00
nvd
nvd
CVE-2005-1018
2005-05-02 04:00:00
checkpoint_advisories
checkpoint_advisories
CA BrightStor ARCserve Backup Universal Agent Buffer Overflow (CVE-2005-1018)
2010-01-05 00:00:00
packetstorm
packetstorm
CA BrightStor Universal Agent Overflow
2009-11-26 00:00:00
exploitdb
exploitdb
CA BrightStor Universal Agent - Remote Overflow (Metasploit)
2010-06-22 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.965

Percentile

99.6%

JSON
Related for SAINT:E87B73E4B52E8764D5697EB741B2B060
metasploit1cvelist1cve1nessus1securityvulns2saint3nvd1checkpoint_advisories1packetstorm1exploitdb1