CA.BrightStor.ARCserve.Tape.Engine.RPC.Code.Execution

Release Date

Jan 15, 2007

Severity

critical

Impact

Gain Access

Description

This indicates an attack attempt against a buffer-overflow vulnerability in Computer Associates BrightStor ARCserve Backup.

The vulnerability is due to the software's failure to properly handle specially crafted RPC requests to the Tape Engine. A remote attacker may exploit this to execute arbitrary code on the system with SYSTEM privileges.

Affected Products

CA BrightStor ARCserve Backup r11.5
CA BrightStor ARCserve Backup r11.1
CA BrightStor ARCserve Backup for Windows r11
CA BrightStor Enterprise Backup r10.5
CA BrightStor ARCserve Backup 9.01
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

Recommended Actions

Apply the appropriate patch.

BrightStor ARCserve Backup r11.5 :
https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84983

BrightStor ARCserve Backup r11.1 :
https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84984

BrightStor ARCserve Backup for Windows r11 :
https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QI82917

BrightStor Enterprise Backup r10.5 :
https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84986

BrightStor ARCserve Backup v9.01 :
https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84985

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2006-6917
CVE-2007-0168

Reference/s

http://www.frsirt.com/english/advisories/2007/0154 (FrSIRT)

Reference: VID-13782