BrightStor ARCserve LGServer buffer overflow

Added: 02/02/2007
CVE: CVE-2007-0449
BID: 22342
OSVDB: 31593

Background

BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections.

Problem

A buffer overflow vulnerability in BrightStor ARCserve Backup for Laptops and Desktops allows remote attackers to execute arbitrary commands by sending a long request to the LGServer.exe process.

Resolution

Install one of the fixes referenced in the Security Notice.

References

http://www3.ca.com/securityadvisor/vulninfo/Vuln.aspx?ID=34993
http://www.securityfocus.com/archive/1/458648

Limitations

Exploit works on BrightStor ARCserve Backup for Laptops and Desktops r11.1.

Platforms

Windows

Back to exploit index