CA ARCserve Backup xdr_rwsstring buffer overflow
Added: 05/27/2008
CVE: CVE-2008-2242
BID: 29283
OSVDB: 45368
Background
CA ARCserve Backup (formerly BrightStor ARCserve Backup) is a backup and recovery solution. It runs several services which use the SUN Remote Procedure Call (SUN-RPC) protocol. SUN-RPC messages are defined using the External Data Representation (XDR) standard.
Problem
A buffer overflow vulnerability in the xdr_rwsstring function allows remote attackers to execute arbitrary commands by sending specially crafted data of type SString to various SUN-RPC services.
Resolution
Apply one of the patches referenced in the CA Security Notice.
References
http://www.zerodayinitiative.com/advisories/ZDI-08-026/
Limitations
Exploit works on CA ARCserve Backup 11.1 SP2 with patch KB933729 (rpcrt4.dll version 5.2.3790.4115) on Windows and 11.5 on Linux.
Platforms
Windows 2000
Windows Server 2003
Linux
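The Problem section above describes an overflow in an XDR string decoder. The following C routine is an added illustration (not code from this advisory, CA ARCserve, or the SUN-RPC library) of how an XDR string (4-byte big-endian length, data, padding to a 4-byte boundary) should be decoded into a fixed buffer: the declared length is checked against both the destination buffer and the remaining input before any copy. The 64-byte destination size and the sample messages are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define RWS_MAX 64   /* assumed fixed-size destination buffer (constructed) */

/* Decode one XDR string (RFC 4506, section 4.11) into out[].
 * Returns the number of input bytes consumed (4 + padded length),
 * or 0 if the declared length does not fit the buffer or the input. */
size_t xdr_string_decode(const uint8_t *in, size_t in_len,
                         char *out, size_t out_size)
{
    if (in_len < 4) return 0;                       /* no length field */
    uint32_t len = ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
                   ((uint32_t)in[2] << 8)  |  (uint32_t)in[3];
    /* The check a vulnerable decoder skips: the attacker-controlled
     * length must leave room for the terminating NUL in out[]. */
    if (len >= out_size) return 0;
    size_t padded = ((size_t)len + 3) & ~(size_t)3;  /* round up to 4 */
    if (padded > in_len - 4) return 0;              /* truncated message */
    memcpy(out, in + 4, len);
    out[len] = '\0';
    return 4 + padded;
}

/* Constructed sample: length 5, "hello", 3 pad bytes -> consumes 12. */
size_t demo_valid(void)
{
    static const uint8_t msg[] = {0,0,0,5,'h','e','l','l','o',0,0,0};
    char buf[RWS_MAX];
    return xdr_string_decode(msg, sizeof msg, buf, sizeof buf);
}

/* Constructed sample: declares 0x10000 bytes, carries none -> rejected. */
size_t demo_oversized(void)
{
    static const uint8_t msg[] = {0,1,0,0};
    char buf[RWS_MAX];
    return xdr_string_decode(msg, sizeof msg, buf, sizeof buf);
}

/* Constructed sample: declares 5 bytes but only 2 follow -> rejected. */
size_t demo_truncated(void)
{
    static const uint8_t msg[] = {0,0,0,5,'h','e'};
    char buf[RWS_MAX];
    return xdr_string_decode(msg, sizeof msg, buf, sizeof buf);
}

int main(void)
{
    printf("valid=%zu oversized=%zu truncated=%zu\n",
           demo_valid(), demo_oversized(), demo_truncated());
    return 0;
}
```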