Signature Detail

APP: Computer Associates ARCServe Backup LGServer (2)

This signature detects attempts to exploit a known vulnerability in the Computer Associates BrightStor ARCServe Backup LGServer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.

Extended Description

Computer Associates BrightStor ARCserve Backup is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data prior to copying it to an insufficiently sized buffer. A successful exploit will allow an attacker to execute arbitrary code with SYSTEM-level privileges. Note that only applications on the Windows operating system are affected.

Affected Products

• Computer Associates ARCserve Backup for Laptops and Desktops 11.0
• Computer Associates ARCserve Backup for Laptops and Desktops 11.1
• Computer Associates ARCserve Backup for Laptops and Desktops 11.1 SP1

References

• BugTraq: 22342
• CVE: CVE-2007-3216
• CVE: CVE-2007-5003
• CVE: CVE-2007-0449
• URL: http://www3.ca.com/securityadvisor/vulninfo/Vuln.aspx?ID=34993
• URL: http://secunia.com/advisories/23897
• URL: http://www.securityfocus.com/archive/1/458648/30/0/threaded