Signature Detail

APP: Computer Associates ARCServer Tape Engine Overflow

This signature detects attempts to exploit a known vulnerability in the Computer Associates BrightStor ARCserve Backup Tape Engine. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.

Extended Description

Computer Associates BrightStor ARCserve Backup is affected by a remote buffer-overflow vulnerability because the application fails to perform proper bounds-checking on data supplied to the application. A remote attacker may exploit this issue to execute arbitrary code on a vulnerable computer with SYSTEM privileges. Failed exploit attempts may cause denial-of-service conditions. BrightStore ARCserver Backup 11.5 is vulnerable to this issue; other versions may also be affected.

Affected Products

• Computer Associates BrightStor ARCServe Backup 11.1.0
• Computer Associates BrightStor ARCServe Backup 11.5
• Computer Associates BrightStor ARCServe Backup 11.5.0
• Computer Associates BrightStor ARCServe Backup 9.01
• Computer Associates BrightStor ARCserve Backup for Windows (All) 11.5.0
• Computer Associates BrightStor Enterprise Backup 10.5.0
• Computer Associates Business Protection Suite
• Computer Associates Business Protection Suite for Microsoft SBS Pre ed r2
• Computer Associates Business Protection Suite for Microsoft SBS Std Ed r2
• Computer Associates Protection Suites r2
• Computer Associates Server Protection Suite r2

References

• BugTraq: 22010
• BugTraq: 21221
• CVE: CVE-2007-0168
• CVE: CVE-2006-6076
• CVE: CVE-2006-6917
• URL: http://supportconnectw.ca.com/public/storage/infodocs/babsecurity-notice.asp
• URL: http://www.lssec.com/advisories/LS-20060908.pdf