CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.6%
Added: 08/07/2006
CVE: CVE-2005-1018
BID: 13102
OSVDB: 15471
The BrightStor ARCserve Backup family of products includes a Universal Agent which listens for connections on port 6050/TCP.
A buffer overflow in the Universal Agent allows remote attackers to execute arbitrary commands by sending a specially crafted argument before the option field.
Apply one of the patches referenced in the iDEFENSE advisory.
<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=232>
Exploit works on BrightStor ARCserve Backup 11.1 on Windows 2000 SP4. The vulnerable component, Universal Agent, is contained in the BrightStor ARCserve Backup Client package. Due to the nature of the vulnerability, the success of the exploit depends upon the state of the system at the time the exploit is attempted.
Windows