Multiple Computer Associates products contain a buffer overflow in the code that handles the Discovery Service protocol. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.
Computer Associates BrightStor ARCserve Backup, BrightStor Enterprise Backup, CA Server Protection Suite, and CA Business Protection Suite software use a protocol known as the Discovery Service to find other BrightStor and Protection Suite installations. A lack of validation on Discovery Service packets may allow a buffer overflow to occur.
This vulnerability only affects Computer Associates BrightStor ARCserve and Protection Suite products for the Microsoft Windows platform.
A remote, unauthenticated attacker may be able to execute arbitrary code with SYSTEM privileges.
This vulnerability was reported by TippingPoint and the Zero Day Initiative. TippingPoint credits LSsecurity with reporting this vulnerability.
This document was written by Jeff Gennari based on information from LSsecurity.
Date First Published: 2006-11-01
Date Last Updated: 2007-01-12 21:37 UTC