Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Производитель ПО
Наименование ПО
BrightStor ARCserve Backup
(10.5, 11.1 build 3208, 11.5, 11.5 build 4237, 9.0, 9.0 build 2205)
Описание
Переполнение буфера в Tape Engine (tapeeng.exe) в CA (formerly Computer Associates) BrightStor ARCserve Backup позволяет злоумышленникам, действующим удаленно, выполнить произвольный код, если отправить определенные RPC-запросы на TCP-порт 6502.
Как исправить
Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу:
http://www.ca.com/
http://www.ca.com/
Ссылки
BUGTRAQ (20061121 LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability): http://www.securityfocus.com/archive/1/archive/1/452222/100/0/threaded
BUGTRAQ (20061122 RE: LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability): http://www.securityfocus.com/archive/1/archive/1/452318/100/0/threaded
FULLDISC (20061121 LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability): http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050808.html
FULLDISC (20061122 LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability): http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050814.html
CERT-VN (VU#437300): http://www.kb.cert.org/vuls/id/437300
BID (21221): http://www.securityfocus.com/bid/21221
FRSIRT (ADV-2006-4654): http://www.frsirt.com/english/advisories/2006/4654
SECTRACK (1017268): http://securitytracker.com/id?1017268
XF (cabrightstorarcserve-tapeeng-bo(30453)): http://xforce.iss.net/xforce/xfdb/30453
http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34817
BUGTRAQ (20061122 RE: LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability): http://www.securityfocus.com/archive/1/archive/1/452318/100/0/threaded
FULLDISC (20061121 LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability): http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050808.html
FULLDISC (20061122 LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability): http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050814.html
CERT-VN (VU#437300): http://www.kb.cert.org/vuls/id/437300
BID (21221): http://www.securityfocus.com/bid/21221
FRSIRT (ADV-2006-4654): http://www.frsirt.com/english/advisories/2006/4654
SECTRACK (1017268): http://securitytracker.com/id?1017268
XF (cabrightstorarcserve-tapeeng-bo(30453)): http://xforce.iss.net/xforce/xfdb/30453
http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34817