Computer Associates ARCserve Backup Multiple Unspecified Remote Buffer Overflow Vulnerabilities
CLASS: Unknown
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 06 2007 12:00AM
UPDATE: Jun 07 2007 10:10PM
CREDIT: The original discoverer of this issue is currently unknown; eEye Digital Security disclosed these issues.
VULNERABLE:
Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.1
NOT VULNERABLE:
Discussion
Computer Associates ARCserve Backup for Laptops & Desktops is prone to multiple unspecified remote buffer-overflow vulnerabilities. These issues occur because the application fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.
No further details are currently available. We will update this BID as more information emerges.
Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges. This will result in a complete compromise of affected computers.
ARCserve Backup for Laptops & Desktops r11.1 is reported vulnerable.
Update - June 7 2007: The vendor has announced that patches are being developed to address these issues.
Exploit
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
References
- EEYEB-20070604 eEye Digital Security (eEye Digital Security)
- CA Works On Patches For 10 Critical Bugs In Backup Software (InformationWeek)
- CA ARCserve Backup for Laptops & Desktops Homepage (Computer Associates)