Signature Detail

APP: Computer Associates ARCserve Backup Buffer Overflow via TCP

This signature detects invalid requests sent to a BrightStor ARCserve backup server. Attackers can send malformed requests to overflow the internal server buffer and execute arbitrary code.

Extended Description

A remote buffer overflow vulnerability reportedly affects BrightStor ARCserve/Enterprise. This issue is due to a failure of the application to securely copy data from the network. It should be noted that this issue is reportedly distinct from that outlined in BID 12522 (BrightStor ARCserve/Enterprise Backup UDP Probe Remote Buffer Overflow Vulnerability). A remote attacker may execute arbitrary code on a vulnerable computer, potentially facilitating unauthorized superuser access. A denial of service condition may arise as well.

Affected Products

• Computer Associates BrightStor ARCserve 2000 Backup Windows Japanese
• Computer Associates BrightStor ARCServe Backup for AIX 11.1.0
• Computer Associates BrightStor ARCServe Backup for HP 11.1.0
• Computer Associates BrightStor ARCServe Backup for Linux 11.1.0
• Computer Associates BrightStor ARCServe Backup for Linux 7.0.0
• Computer Associates BrightStor ARCServe Backup for Linux 9.0.0
• Computer Associates BrightStor ARCServe Backup for Linux Japanese 9.0.0
• Computer Associates BrightStor ARCServe Backup for Macintosh 11.1.0
• Computer Associates BrightStor ARCServe Backup for Mainframe Linux 11.1.0
• Computer Associates BrightStor ARCServe Backup for NetWare 11.1.0
• Computer Associates BrightStor ARCServe Backup for NetWare 9.0.0
• Computer Associates BrightStor ARCServe Backup for Solaris 11.1.0
• Computer Associates BrightStor ARCServe Backup for Tru64 11.1.0
• Computer Associates BrightStor ARCServe Backup for Windows 11.0.0
• Computer Associates BrightStor ARCServe Backup for Windows 11.1.0
• Computer Associates BrightStor ARCServe Backup for Windows 9.0.0 .0.1
• Computer Associates BrightStor ARCServe Backup for Windows 64 bit 11.0.0
• Computer Associates BrightStor ARCServe Backup for Windows 64 bit 11.1.0
• Computer Associates BrightStor ARCServe Backup for Windows 64 bit 9.0.1
• Computer Associates BrightStor Enterprise Backup 10.0.0
• Computer Associates BrightStor Enterprise Backup 10.5.0
• Computer Associates BrightStor Enterprise Backup for AIX 10.0.0
• Computer Associates BrightStor Enterprise Backup for AIX 10.5.0
• Computer Associates BrightStor Enterprise Backup for HP 10.5.0
• Computer Associates BrightStor Enterprise Backup for HPUX 10.0.0
• Computer Associates BrightStor Enterprise Backup for Mainframe Linux 10.0.0
• Computer Associates BrightStor Enterprise Backup for Solaris 10.0.0
• Computer Associates BrightStor Enterprise Backup for Solaris 10.5.0
• Computer Associates BrightStor Enterprise Backup for Tru64 10.5.0
• Computer Associates BrightStor Enterprise Backup for Windows 64 bit 10.5.0

References

• BugTraq: 12536
• CVE: CVE-2005-2535