CA ARCserve Backup LGServer handshake buffer overflow

Added: 08/11/2008
CVE: CVE-2008-3175
BID: 30472
OSVDB: 47545

Background

BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections.

Problem

A buffer overflow vulnerability in the LGServer.exe server process allows remote attackers to execute arbitrary commands by sending a specially crafted handshake response.

Resolution

Apply one of the fixes referenced in the CA Security Notice.

References

http://www.securityfocus.com/archive/1/495020

Limitations

Exploit works on CA ARCserve Backup for Laptops and Desktops r11.1 SP2 with patch QO91014.

Platforms

Windows

Back to exploit index