Overview
The Computer Associates BrightStor ARCserve Backup Discovery Service contains a buffer overflow, which may allow a remote attacker to execute arbitrary code.
Description
Computer Associates BrightStor ARCserve Backup is a cross-platform backup and recovery application. The ARCserve Backup Discovery Service fails to properly check incoming network traffic on 41524/udp, creating a buffer overflow vulnerability. Exploit code for this vulnerability is publicly available. |
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code on a system running the vulnerable software. |
Solution
Upgrade or patch |
|
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
This vulnerability was reported by iDEFENSE, who in turn credits Patrik Karlsson and an anonymous source.
This document was written by Will Dormann.
Other Information
CVE IDs: | CVE-2005-0260 |
Severity Metric: | 39.38 |
Date Public: | 2005-02-09 |
Date First Published: | 2005-08-04 |
Date Last Updated: | 2005-08-11 19:07 UTC |
Document Revision: | 7 |