Short Name |
APP:CA:ARCSRV:CAMEDIASRV |
---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
CA BrightStor ARCserve Backup Mediasrv.exe RPC Request Code Execution (CVE-2007-17850) |
Release Date |
2008/11/05 |
Update Number |
1306 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against CA Brightstor ARCserve Backup. A successful attack allows attackers to execute remote code in the context of the administrator.
The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.