APP: Computer Associates ARCserve Backup Buffer Overflow via TCP
This signature detects invalid requests sent to a BrightStor ARCserve backup server. Attackers can send malformed requests to overflow the internal server buffer and execute arbitrary code.
Extended Description
A remote buffer overflow vulnerability reportedly affects BrightStor ARCserve/Enterprise. This issue is due to a failure of the application to securely copy data from the network. It should be noted that this issue is reportedly distinct from that outlined in BID 12522 (BrightStor ARCserve/Enterprise Backup UDP Probe Remote Buffer Overflow Vulnerability). A remote attacker may execute arbitrary code on a vulnerable computer, potentially facilitating unauthorized superuser access. A denial of service condition may arise as well.
Affected Products
Computer_associates brightstor_enterprise_backup_for_mainframe_linux
References
BugTraq: 12536
CVE: CVE-2005-2535
URL: http://archives.neohapsis.com/archives/bugtraq/2005-02/0123.html
Short Name
APP:CA:ARCSRV:TCP-BOF
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
ARCserve Associates Backup Buffer CVE-2005-2535 Computer Overflow TCP bid:12536 via
Release Date
02/17/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3725
Port
TCP/41523
False Positive
Unknown
Vendors
Computer_associates
CVSS Score
7.5