[Full-disclosure] [UPDATE]CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability
Code Audit Labs
vulnhunt at gmail.com
Thu Dec 6 07:55:32 GMT 2007
About half year ago , We decided to NOT audit CA BrightStor ARCServe
Backup any longer, Just because the produce have too many vulnerability
that's not hard to be discovered.
I think CA had better to full code audit for their produces .
cocoruder 写道:
> [UPDATE]CA BrightStor ARCServe BackUp Message Engine Remote Stack
> Overflow Vulnerability
>
> by cocoruder(frankruder_at_hotmail.com)
> http://ruder.cdut.net, updated on 2007.12.06
>
>
> Summary:
>
> A remote stack overflow vulnerability exist in the RPC interface
> of CA BrightStor ARCServe BackUp. An arbitrary anonymous attacker can
> execute arbitrary code on the affected system by exploiting this
> vulnerability.
>
--
Code Audit Labs
http://www.vulnhunt.com/
Full-Disclosure is hosted and sponsored by Secunia.