Vulnerability Note VU#279774
Computer Associates BrightStor ARCserve Backup Agents vulnerable to buffer overflow
Several Computer Associates BrightStor ARCserve Backup Agents contain a buffer overflow, which may allow a remote attacker to execute arbitrary code.
Computer Associates BrightStor ARCserve Backup is a cross-platform backup and recovery application. Backup Agents are available to provide backup support for additional applications, such as Microsoft SQL Server, Oracle, SAP R/3, and Microsoft Exchange.
The ARCserve Backup Agents fail to properly validate input, which creates a buffer overflow vulnerability. By default, the Backup Agents listen on 6070/tcp.
A remote, unauthenticated attacker may be able to execute arbitrary code on a system running the vulnerable Backup Agent.
Upgrade or patch
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Computer Associates||Affected||-||04 Aug 2005|
CVSS Metrics (Learn More)
This vulnerability was reported by Computer Associates, who in turn thank iDEFENSE for reporting the vulnerability.
This document was written by Will Dormann.
- CVE IDs: CVE-2005-1272
- Date Public: 02 Aug 2005
- Date First Published: 03 Aug 2005
- Date Last Updated: 12 Jan 2007
- Severity Metric: 25.99
- Document Revision: 13
If you have feedback, comments, or additional information about this vulnerability, please send us email.