Full Disclosure: LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability

From: advisories () lssec com
Date: Fri, 8 Dec 2006 22:40:47 +0100 (CET)

LS-20061001

LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup v11.5, which could be exploited 
by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system. The flaw 
specifically exists within the Tape Engine (tapeeng.exe) due to incorrect handling of RPC requests on TCP port 6502. 
The interface is identified by
62b93df0-8b02-11ce-876c-00805f842837. Opnum 38 specifies the vulnerable operation within this interface.

Technical details:

http://www.lssec.com/advisories.html

LSsecurity - LSsec.com



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability advisories (Dec 08)
- <Possible follow-ups>
- Re: LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability Williams, James K (Dec 12)