Signature Detail

APP: Computer Associates ARCserve Universal Agent Overflow

This signature detects attempts to exploit a known vulnerability against CA BrightStor ARCserv Universal Agent service. A successful attack can lead to arbitrary code execution.

Extended Description

A remote buffer-overflow vulnerability affects BrightStor ARCserve and ARCserve Enterprise agent because the application fails to securely copy data from the network. A remote attacker may exploit this issue to execute arbitrary code on a vulnerable computer, potentially facilitating unauthorized superuser access. A denial-of-service condition may arise as well. BrightStor ARCserve Backup v11 for Win32 platforms is vulnerable; other versions may also be affected.

Affected Products

• Computer Associates BrightStor ARCServe Backup for Windows 11.0.0
• Computer Associates BrightStor ARCServe Backup for Windows 11.1.0
• Computer Associates BrightStor ARCServe Backup for Windows 9.0.0 .0.1
• Computer Associates BrightStor ARCServe Backup for Windows 64 bit 11.0.0
• Computer Associates BrightStor ARCServe Backup for Windows 64 bit 11.1.0
• Computer Associates BrightStor ARCServe Backup for Windows 64 bit 9.0.1
• Computer Associates BrightStor ARCserve Backup for Windows (All) 11.1
• Computer Associates BrightStor ARCserve Backup for Windows (Client) 11.1
• Computer Associates BrightStor ARCserve Backup for Windows (Eng-All) 9.01
• Computer Associates BrightStor ARCserve Backup for Windows (Eng-Cli) 9.01
• Computer Associates BrightStor ARCserve Backup for Windows (NoEng-All) 9.01
• Computer Associates BrightStor ARCserve Backup for Windows (NoEng-Cli) 9.01
• Computer Associates BrightStor Enterprise Backup 10.0.0
• Computer Associates BrightStor Enterprise Backup 10.5.0
• Computer Associates BrightStor Enterprise Backup for Windows 64 bit 10.5.0

References

• BugTraq: 13102
• CVE: CVE-2005-1018
• URL: http://www.sans.org/newsletters/risk/display.php?v=4&i=15
• URL: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32727