Full Disclosure mailing list archives

Re: [UPDATE]CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability

From: Code Audit Labs <vulnhunt () gmail com>
Date: Thu, 06 Dec 2007 15:55:32 +0800

About half year ago , We decided to NOT audit CA BrightStor ARCServe 
Backup any longer, Just because the produce have too many vulnerability 
that's not hard to be discovered.

I think CA had better to full code audit for their produces .


cocoruder 写道:

[UPDATE]CA BrightStor ARCServe BackUp Message Engine Remote Stack
Overflow Vulnerability

by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net, updated on 2007.12.06


Summary:

    A remote stack overflow vulnerability exist in the RPC interface
of CA BrightStor ARCServe BackUp. An arbitrary anonymous attacker can
execute arbitrary code on the affected system by exploiting this
vulnerability.




-- 
Code Audit Labs
http://www.vulnhunt.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

[UPDATE]CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability cocoruder (Dec 05)
- Re: [UPDATE]CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability Code Audit Labs (Dec 05)