APP: CA BrightStor ARCserve Backup Mediasrv.exe RPC Request Code Execution (CVE-2007-17850)

This signature detects attempts to exploit a known vulnerability in CA BrightStor ARCserve Backup. A successful attack allows an attacker to execute code remotely in the context of the administrator.

Extended Description

The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.

Affected Products

Broadcom brightstor_arcserve_backup

References

BugTraq: 23209

CVE: CVE-2007-1785

Short Name
APP:CA:ARCSRV:CAMEDIASRV
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
(CVE-2007-17850) ARCserve Backup BrightStor CA CVE-2007-1785 Code Execution Mediasrv.exe RPC Request bid:23209
Release Date
11/05/2008
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3729
Port
tcp/1061,1313,2265,45729
False Positive
Unknown
Vendors

Ca

Broadcom

CVSS Score

7.1
