BrightStor ARCserve Backup LGServer rxrLogin buffer overflow

Added: 11/01/2007
CVE: CVE-2007-5003
BID: 24348
OSVDB: 41353

Background

BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections.

Problem

A buffer overflow vulnerability in the rxrLogin function allows remote attackers to execute arbitrary commands by sending a specially crafted request to the LGServer on port 1900.

Resolution

Install one of the patches referenced in the security notice.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599

Limitations

Exploit works on BrightStor ARCserve Backup for Laptops and Desktops 11.1 SP2.

Platforms

Windows 2000
Windows Server 2003

Back to exploit index