Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
APP:CA:RPC-MSG-BO |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Computer Associates Products Message Engine RPC Server Remote Buffer Overflow |
Release Date |
2015/06/14 |
Update Number |
2506 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: Computer Associates Products Message Engine RPC Server Remote Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the Computer Associates Products Message Engine. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the service.
Extended Description
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.
Affected Products
- Ca brightstor_arcserve_backup 11.5
- Ca brightstor_arcserve_backup 9.01
- Ca brightstor_enterprise_backup 10.5
- Ca business_protection_suite 2.0
References
- BugTraq: 35396
- BugTraq: 20365
- BugTraq: 22005
- CVE: CVE-2009-1761
- CVE: CVE-2006-5143
- CVE: CVE-2007-0169
- URL: http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp
- URL: http://www.zerodayinitiative.com/advisories/ZDI-06-031.html