SAINT Corporation, SAINT:F772C4149F0CE158BEB6BAD7F21C59A4

Oct 18, 2007 - 12:00 a.m.

BrightStor ARCserve Message Engine opnum 0x10d buffer overflow

www.saintcorporation.com

EPSS: 0.9 High (percentile 98.5%)

Added: 10/18/2007
CVE: CVE-2007-5327
BID: 26015
OSVDB: 41369

Background

CA ARCserve Backup (formerly BrightStor ARCserve Backup) is a backup and recovery solution. It runs a Message Engine RPC service on port 6504/TCP by default.

Problem

A buffer overflow in BrightStor ARCserve Backup allows remote attackers to execute arbitrary commands by sending a specially crafted request with opnum 0x10d to the Message Engine RPC service.

Resolution

Apply one of the patches referenced in the Security Notice.

References

<http://www.securityfocus.com/archive/1/482112>

Limitations

Exploit works on CA BrightStor ARCserve Backup 11.5. The target’s NetBIOS name must be provided in order for the exploit to work on IPv6 targets.

Platforms

Windows
