Computer Associates BrightStor ARCserve Backup contains a buffer overflow in the handling of RPC data that may allow a remote attacker to execute arbitrary code.
BrightStor ARCserve Backup is a backup and data retention tool that integrates with other BrightStor Data Availability and BrightStor Storage Management solutions. A vulnerability exists in Mediasrv.exe, which is a component of the BrightStor ARCserve Backup Tape Engine. The Tape Engine features allow BrightStor ARCserve Backup products to use tape drives for storage.
This vulnerability may be exploited by sending a specially crafted RPC request to a vulnerable system. According to Shirkdog Security Advisory SHK-004:
A remote, unauthenticated attacker may be able to execute arbitrary code.
Computer Associates eTrust Security Management
This issue was publicly reported in Shirkdog Security Advisory SHK-004.
This document was written by Chris Taschner.
Date First Published: 2007-04-02
Date Last Updated: 2007-05-10 14:06 UTC