CA ARCserve Backup for Laptops and Desktops LGServer password integer overflow

Added: 11/28/2008
CVE: CVE-2007-5004
BID: 24348
OSVDB: 41352

Background

BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections.

Problem

An integer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted authentication password to the LGServer service.

Resolution

Apply the appropriate update referenced in the CA Security Notice.

References

http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35675
http://archives.neohapsis.com/archives/bugtraq/2007-09/0287.html

Limitations

Exploit works on CA ARCserve Backup for Laptops and Desktops 11.1 SP2.

This exploit does not work on Windows Server 2003 with DEP enabled.

Platforms

Windows 2000
Windows Server 2003

Back to exploit index