Several Computer Associates BrightStor ARCserve Backup Agents contain a buffer overflow, which may allow a remote attacker to execute arbitrary code.
Computer Associates BrightStor ARCserve Backup is a cross-platform backup and recovery application. Backup Agents are available to provide backup support for additional applications, such as Microsoft SQL Server, Oracle, SAP R/3, and Microsoft Exchange.
The ARCserve Backup Agents fail to properly validate input, which creates a buffer overflow vulnerability. By default, the Backup Agents listen on 6070/tcp.
A remote, unauthenticated attacker may be able to execute arbitrary code on a system running the vulnerable Backup Agent.
Upgrade or patch
This vulnerability was reported by Computer Associates, who in turn thank iDEFENSE for reporting the vulnerability.
|Date First Published:||2005-08-03|
|Date Last Updated:||2007-01-12 21:42 UTC|