>> CA BrightStor ARCserve Backup Multiple Remote Code Execution Vulnerabilities
Title : CA BrightStor ARCserve Backup Multiple Remote Code Execution Vulnerabilities VUPEN ID : VUPEN/ADV-2006-3930 CVE ID : CVE-2006-5142 - CVE-2006-5143
Rated as : Critical
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-10-05
Technical Description
Multiple vulnerabilities have been identified in various Computer Associates products, which could be exploited by remote attackers to take complete control of an affected system.
The first issue is due to buffer overflow errors in the Backup Agent Service (DBASVR.exe) that does not properly handle malformed requests (port 6071), which could be exploited by remote unauthenticated attackers to execute arbitrary commands.
The second flaw is due to a stack overflow error in the Discovery Service that fails to properly handle overly long messages received over the "CheyenneDS" Mailslot, which could be exploited by remote unauthenticated attackers to compromise a vulnerable system.
The third vulnerability is due to a stack overflow error in the Discovery Service when handling specially crafted TCP messages (port 41523), which could be exploited by remote unauthenticated attackers to execute arbitrary commands.
The fourth issue is due to heap and stack overflow errors in the Message Engine Service (msgeng.exe) when processing malformed requests (port 6503), which could be exploited by remote unauthenticated attackers to compromise a vulnerable system.
