Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 APP:CA:ARCSRV:TCP-BOF

Severity

 Critical

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 Computer Associates ARCserve Backup Buffer Overflow via TCP

Release Date

 2005/02/16

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: Computer Associates ARCserve Backup Buffer Overflow via TCP


This signature detects invalid requests sent to a BrightStor ARCserve backup server. Attackers can send malformed requests to overflow the internal server buffer and execute arbitrary code.

Extended Description

A remote buffer overflow vulnerability reportedly affects BrightStor ARCserve/Enterprise. This issue is due to a failure of the application to securely copy data from the network. It should be noted that this issue is reportedly distinct from that outlined in BID 12522 (BrightStor ARCserve/Enterprise Backup UDP Probe Remote Buffer Overflow Vulnerability). A remote attacker may execute arbitrary code on a vulnerable computer, potentially facilitating unauthorized superuser access. A denial of service condition may arise as well.

Affected Products

  • Computer_associates brightstor_arcserve_2000_backup_windows_japanese
  • Computer_associates brightstor_arcserve_backup_for_aix 11.1.0
  • Computer_associates brightstor_arcserve_backup_for_hp 11.1.0
  • Computer_associates brightstor_arcserve_backup_for_linux 11.1.0
  • Computer_associates brightstor_arcserve_backup_for_linux 7.0.0
  • Computer_associates brightstor_arcserve_backup_for_linux 9.0.0
  • Computer_associates brightstor_arcserve_backup_for_linux_japanese 9.0.0
  • Computer_associates brightstor_arcserve_backup_for_macintosh 11.1.0
  • Computer_associates brightstor_arcserve_backup_for_mainframe_linux 11.1.0
  • Computer_associates brightstor_arcserve_backup_for_netware 11.1.0
  • Computer_associates brightstor_arcserve_backup_for_netware 9.0.0
  • Computer_associates brightstor_arcserve_backup_for_solaris 11.1.0
  • Computer_associates brightstor_arcserve_backup_for_tru64 11.1.0
  • Computer_associates brightstor_arcserve_backup_for_windows 11.0.0
  • Computer_associates brightstor_arcserve_backup_for_windows 11.1.0
  • Computer_associates brightstor_arcserve_backup_for_windows 9.0.0 .0.1
  • Computer_associates brightstor_arcserve_backup_for_windows_64_bit 11.0.0
  • Computer_associates brightstor_arcserve_backup_for_windows_64_bit 11.1.0
  • Computer_associates brightstor_arcserve_backup_for_windows_64_bit 9.0.1
  • Computer_associates brightstor_enterprise_backup 10.0.0
  • Computer_associates brightstor_enterprise_backup 10.5.0
  • Computer_associates brightstor_enterprise_backup_for_aix 10.0.0
  • Computer_associates brightstor_enterprise_backup_for_aix 10.5.0
  • Computer_associates brightstor_enterprise_backup_for_hp 10.5.0
  • Computer_associates brightstor_enterprise_backup_for_hpux 10.0.0
  • Computer_associates brightstor_enterprise_backup_for_mainframe_linux 10.0.0
  • Computer_associates brightstor_enterprise_backup_for_solaris 10.0.0
  • Computer_associates brightstor_enterprise_backup_for_solaris 10.5.0
  • Computer_associates brightstor_enterprise_backup_for_tru64 10.5.0
  • Computer_associates brightstor_enterprise_backup_for_windows_64_bit 10.5.0

References

  • BugTraq: 12536
  • CVE: CVE-2005-2535
  • URL: http://archives.neohapsis.com/archives/bugtraq/2005-02/0123.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out