

Buffer overflow in Brightstor ArcServe Backup
Updated since December 8, 2006
Published: April 1, 2007
Source:
SecurityVulns ID: 6903
Type: remote
Severity: 7/10
Description: Buffer overflows in the discovery service, the media management service, and the messaging subsystem.
Affected products: CA : Brightstor ARCserve Backup 11.1
 CA : BrightStor ARCserve Backup 10.5
 CA : BrightStor ARCserve Backup 9.01
 CA : Brightstor ARCserve Backup 11.5
 CA : CA Server Protection Suite 2
CVE: CVE-2007-1785 (The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.)
 CVE-2007-1448 (The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function.)
 CVE-2007-14478
 CVE-2007-1447 (The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC procedure arguments, which result in memory corruption, a different vulnerability than CVE-2006-6076.)
 CVE-2007-0816 (The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields.)
 CVE-2007-0673 (LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops r11.1 allows remote attackers to cause a denial of service (daemon crash) via a value of 0xFFFFFFFF at a certain point in an authentication negotiation packet, which results in an out-of-bounds read.)
 CVE-2007-0672 (LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\.)
 CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200.)
 CVE-2007-0169 (Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.)
 CVE-2007-0168 (The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.)
 CVE-2006-6917 (Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.)
 CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.)
 CVE-2006-5172 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5171.)
 CVE-2006-5171 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172.)
Original text: CA, CA BrightStor ARCserve Backup Mediasvr.exe vulnerability (01.04.2007)
 M. Shirk, CA Brightstor Backup Mediasvr.exe Remote Code Vulnerability (30.03.2007)
 WINNY THOMAS, ARCserve msgeng.exe buffer overflow exploit (win2k SP4) (17.03.2007)
 CA, [CAID 34817, 35058, 35158, 35159]: CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerabilities (17.03.2007)
 NGS Software Insight Security Research, Remote Unauthenticated Resource Exhaustion CA Mobile BackupService (01.02.2007)
 NGS Software Insight Security Research, Remote DOS BrightStor ARCserve Backup for Laptops & Desktops (01.02.2007)
 NGS Software Insight Security Research, Remote Unauthenticated Code Execution II CA BrightStor ARCserve Backup for Laptops & Desktops (01.02.2007)
 NGS Software Insight Security Research, Remote Unauthenticated Code Execution CA BrightStor ARCserve Backup (01.02.2007)
 CA, [Full-disclosure] [CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities (24.01.2007)
 CA, [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities (12.01.2007)
 advisories_(at)_lssec.com, LS-20061002 - Computer Associates BrightStor ARCserve Backup Remote Code Execution Vulnerability (12.01.2007)
 ZDI, ZDI-07-003: CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability (12.01.2007)
 ZDI, ZDI-07-004: CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability (12.01.2007)
 ZDI, ZDI-07-002: CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability (12.01.2007)
 advisories_(at)_lssec.com, LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability (09.12.2006)
 advisories_(at)_lssec.com, LS-20060908 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability (09.12.2006)
 CA, [CAID 34846]: CA BrightStor ARCserve Backup Discovery Service Buffer Overflow Vulnerability (08.12.2006)
Files: Remote exploit for CA brightstor tapeeng (win2k SP4)
 CA brightstor msgeng.exe heap overflow exploit (win2k SP0)
 Remote exploit for the CA BrightStor Arcserve stack overflow as
 ARCserve msgeng.exe buffer overflow exploit (win2k SP4)
 Computer Associates (CA) Brightstor Backup Mediasvr.exe Remote Code Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod