BrightStor ARCserve Message Engine RPC server buffer overflow

Added: 11/09/2006
CVE: CVE-2006-5143
BID: 20365
OSVDB: 29535

Background

The BrightStor ARCserve Backup family of products includes a Message Engine which listens for connections on port 6503/TCP.

Problem

A buffer overflow in the ASCORE.dll library allows remote attackers to execute arbitrary commands when a specially crafted request is processed by the Message Engine RPC server.

Resolution

Apply the upgrade referenced in the Computer Associates Security Notice.

References

http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0098.html

Limitations

Exploit works on BrightStor ARCserve Backup 11.5. Due to the nature of the vulnerability, the success of this exploit may depend on the system state at the time the exploit is run.

Platforms

Windows 2000 SP4
Windows 2000 SP4 / Windows 2000
Windows 2000 SP3

Back to exploit index