Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4) rxsSetMessageLogSettings, (5) rxsExportData, (6) rxsSetServerOptions, (7) rxsRenameFile, (8) rxsACIManageSend, (9) rxsExportUser, (10) rxsImportUser, (11) rxsMoveUserData, (12) rxsUseLicenseIni, (13) rxsLicGetSiteId, (14) rxsGetLogFileNames, (15) rxsGetBackupLog, (16) rxsBackupComplete, (17) rxsSetDataProtectionSecurityData, (18) rxsSetDefaultConfigName, (19) rxsGetMessageLogSettings, (20) rxsHWDiskGetTotal, (21) rxsHWDiskGetFree, (22) rxsGetSubDirs, (23) rxsGetServerDBPathName, (24) rxsSetServerOptions, (25) rxsDeleteFile, (26) rxsACIManageSend, (27) rxcReadBackupSetList, (28) rxcWriteConfigInfo, (29) rxcSetAssetManagement, (30) rxcWriteFileListForRestore, (31) rxcReadSaveSetProfile, (32) rxcInitSaveSetProfile, (33) rxcAddSaveSetNextAppList, (34) rxcAddSaveSetNextFilesPathList, (35) rxcAddNextBackupSetIncWildCard, (36) rxcGetRevisions, (37) rxrAddMovedUser, (38) rxrSetClientVersion, or (39) rxsSetDataGrowthScheduleAndFilter commands.
https://exchange.xforce.ibmcloud.com/vulnerabilities/34805
http://www.vupen.com/english/advisories/2007/2121
http://www.securitytracker.com/id?1018728
http://www.securitytracker.com/id?1018216
http://www.securityfocus.com/bid/24348
http://www.securityfocus.com/archive/1/480252/100/100/threaded
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35673
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/bsabld-securitynotice.asp
http://secunia.com/advisories/25606
http://research.eeye.com/html/advisories/upcoming/20070604.html
http://research.eeye.com/html/advisories/published/AD20070920.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599