BrightStor ARCserve Media Server SUN RPC buffer overflow

Added: 05/03/2007
CVE: CVE-2007-2139
BID: 23635
OSVDB: 34127

Background

CA ARCserve Backup (formerly BrightStor ARCserve Backup) is a backup and recovery solution. ARCserve Media Server is a component which comes with ARCserve Backup.

Problem

ARCserve Media Server is affected by multiple buffer overflow vulnerabilities which allow remote attackers to execute arbitrary commands by sending specially crafted requests to the SUN RPC service.

Resolution

Apply one of the patches referenced in the CA Security Notice.

References

http://www.kb.cert.org/vuls/id/979825
http://www.zerodayinitiative.com/advisories/ZDI-07-022.html

Limitations

Exploit works on BrightStor ARCserve Backup r11.5 SP2.

Platforms

Windows 2000
Windows Server 2003

Back to exploit index