Vulnerability Note VU#864801
Computer Associates BrightStor ARCserve Backup Discovery Service vulnerable to buffer overflow
The Computer Associates BrightStor ARCserve Backup Discovery Service contains a buffer overflow, which may allow a remote attacker to execute arbitrary code.
Computer Associates BrightStor ARCserve Backup is a cross-platform backup and recovery application. The ARCserve Backup Discovery Service fails to properly check incoming network traffic on 41524/udp, creating a buffer overflow vulnerability.
Exploit code for this vulnerability is publicly available.
A remote, unauthenticated attacker may be able to execute arbitrary code on a system running the vulnerable software.
Upgrade or patch
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Computer Associates||Affected||04 Aug 2005||04 Aug 2005|
CVSS Metrics (Learn More)
This vulnerability was reported by iDEFENSE, who in turn credits Patrik Karlsson and an anonymous source.
This document was written by Will Dormann.
- CVE IDs: CAN-2005-0260
- Date Public: 09 Feb 2005
- Date First Published: 04 Aug 2005
- Date Last Updated: 11 Aug 2005
- Severity Metric: 39.38
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.