This Metasploit module exploits a buffer overflow in Computer Associates BrighStor ARCserve r11.5 (build 3884). By sending a specially crafted RPC request to opcode 0x342, an attacker could overflow the buffer and execute arbitrary code. In order to successfully exploit this vulnerability, you will need set the hostname argument (HNAME).
25561774611f62f76340df5f53273f88999603ab3128927abfd951eddc17dd28CA BrightStor ARCServe BackUp is an overall data backup solution. The RPC interface of CA BrightStor ARCServe BackUp does not handle user's input exactly that allows anonymous attacker to inject any command, a remote code execution attack may achieved through this way. Details are provided. CA BrightStor ARCServe BackUp version R11.5 is affected.
f8d09baffc323cebdb0ee128fa1a375f7483be296775677fead1555e2c71a4beCA ARCserve Backup contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability occurs due to insufficient validation of certain RPC call parameters by the message engine service. An attacker can exploit a directory traversal vulnerability to execute arbitrary commands. The second vulnerability occurs due to insufficient validation by the tape engine service. An attacker can make a request that will crash the service. The third vulnerability occurs due to insufficient validation by the database engine service. An attacker can make a request that will crash the service. The fourth vulnerability occurs due to insufficient validation of authentication credentials. An attacker can make a request that will crash multiple services. Note that these issues only affect the base product.
4a1efc837ec3a9c0d729220a5e7ba7876a7442c1a76a70f4dfc0ac3bc64384ca
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed