Signature Detail

APP: CA BrightStor ARCserve Backup Message Engine Stack Overflow

This signature detects attempts to exploit a known vulnerability in the Computer Associates ArcServer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.

Extended Description

Computer Associates BrightStor ARCserve is prone to multiple remote vulnerabilities, including buffer-overflow issues, memory-corruption issues, and privilege-escalation issues. Successful exploits allow remote attackers to cause denial-of-service conditions, execute arbitrary machine code in the context of the affected application, or perform actions with elevated privileges. This may result in a complete compromise of affected computers. The following applications are affected: BrightStor ARCserve Backup v9.01, r11.1, r11.5, r11 for Windows BrightStor Enterprise Backup r10.5 CA Server Protection Suite r2, CA Business Protection Suite r2 CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

Affected Products

• Computer Associates BrightStor ARCServe Backup 11.1.0
• Computer Associates BrightStor ARCServe Backup 11.5
• Computer Associates BrightStor ARCServe Backup 9.01
• Computer Associates BrightStor ARCServe Backup for Windows 11.0.0
• Computer Associates BrightStor Enterprise Backup 10.5.0
• Computer Associates Business Protection Suite r2
• Computer Associates Business Protection Suite for Microsoft SBS Pre ed r2
• Computer Associates Business Protection Suite for Microsoft SBS Std Ed r2
• Computer Associates Server Protection Suite r2

References

• BugTraq: 26015
• CVE: CVE-2007-5327
• URL: http://www.frsirt.com/english/advisories/2007/3470
• URL: http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp
• URL: http://www.fortiguardcenter.com/advisory/FGA-2007-11.html