Bugtraq mailing list archives
Re: BrightStor ARCserve Backup buffer overflow PoC
From: "Williams, James K" <James.Williams () ca com>
Date: Tue, 15 Feb 2005 18:36:52 -0500
Subject: BrightStor ARCserve Backup buffer overflow PoC From: <cybertronic () gmx ! net> Date: 2005-02-11 18:19:23 Message-ID: <20050211181923.27031.qmail () www ! securityfocus ! com> //cybertronic () gmx net #include <stdio.h> [...snip...]
To: BugTraq Subject: Re: BrightStor ARCserve Backup buffer overflow PoC Date: Feb 13 2005 3:08AM Author: H D Moore <sflist digitaloffense net> Message-ID: <200502122108.56300.sflist () digitaloffense net> In-Reply-To: <20050211181923.27031.qmail () www securityfocus com> Cybertronic has confirmed that this is not the same vulnerability as
the
UDP overflow and that it is not addressed by any available patch from
CA.
A module for the Metasploit Framework is available from
metasploit.com:
http://metasploit.com/projects/Framework/exploits.html#cabrightstor_disc o_servicepc
-HD
Cybertronic, Thanks for the information. We are currently looking into the issue. HD, Thanks for the additional info and follow-up. Bugtraq community, Please note that vulnerability issues associated with CA products (or any other product) can be submitted by email to vuln () ca com, or on our web site at http://www3.ca.com/securityadvisor/vulninfo/submit.aspx. Please send an email to vuln () ca com if you need to communicate in a more secure fashion, or need to communicate via phone or snail mail. Regards, Ken Williams Ken Williams, Director, Research ; 0xE2941985 Computer Associates ; james.williams () ca com A9F9 44A6 B421 FF7D 4000 E6A9 7925 91DF E294 1985
Current thread:
- BrightStor ARCserve Backup buffer overflow PoC cybertronic (Feb 11)
- Re: BrightStor ARCserve Backup buffer overflow PoC H D Moore (Feb 12)
- Re: BrightStor ARCserve Backup buffer overflow PoC H D Moore (Feb 14)
- <Possible follow-ups>
- Re: BrightStor ARCserve Backup buffer overflow PoC Williams, James K (Feb 16)