Detections
Analytics
CA BrightStor ARCserve Backup Multiple Vulnerabilities (QO87569)
critical Nessus Plugin ID 25086
Language:
Synopsis
The remote software is affected by multiple vulnerabilities.Description
According to its version, the installation of BrightStor ARCserve Backup on the remote host is affected by multiple vulnerabilities in the Mediasrv RPC service.First, the service does not properly sanitize a string given as an argument to different RPC functions prior to calling the function strncpy. By sending a specially crafted packet it is possible to overflow a stack buffer.
The second vulnerability involves the handler given as an argument for most RPC functions. The service does the check that the handler is valid. By sending a specially crafted handler to those functions, it is possible to redirect the execution flow.
An unauthenticated, remote attacker may be able to leverage these issues to crash or disable the service or to execute arbitrary code on the affected host with SYSTEM privileges.
Solution
Apply the appropriate patch as described in the vendor advisory referenced above.See Also
https://www.tenable.com/security/research/tra-2007-02
Plugin Details
Severity: Critical
ID: 25086
File Name: arcserve_qo87569.nasl
Version: 1.17
Type: remote
Agent: windows
Family: Windows
Published: 4/25/2007
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:ca:arcserve_backup
Required KB Items: ARCSERVE/Discovery/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 4/24/2007
Vulnerability Publication Date: 3/30/2007
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (CA BrightStor ArcServe Media Service Stack Buffer Overflow)
Reference Information
CVE: CVE-2007-1785, CVE-2007-2139
TRA: TRA-2007-02