Family: Gain root remotely --> Category: infos
BrightStor ARCserve Backup Discovery Service Buffer Overflow Vulnerability Scan
Vulnerability Scan Summary: Checks version of BrightStor ARCserve Backup
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote service is affected by a buffer overflow vulnerability.
Description :
According to its version, the installation of BrightStor ARCserve
Backup on the remote host allows an attacker to execute arbitrary code
on the affected host with SYSTEM privileges due to a buffer overflow
that can be triggered by a specially crafted packet sent to the
Discovery Service.
Note that the vendor reports only Windows installs are vulnerable.
See also :
http://supportconnectw.ca.com/public/storage/infodocs/babsecurity-notice.asp
http://www.securityfocus.com/archive/1/archive/1/453916/100/0/threaded
Solution :
Either apply the appropriate patch as described in the vendor advisory
referenced above or upgrade to BrightStor ARCserve Backup r11.5 SP2 or
later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)