CA BrightStor ARCserve Backup Multiple Vulnerabilities (QO87569)

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.


Synopsis :

The remote software is affected by multiple vulnerabilities.

Description :

According to its version, the installation of BrightStor ARCserve
Backup on the remote host is affected by multiple vulnerabilities
in the Mediasrv RPC service.

First, the service does not properly sanitize a string given as
an argument to different RPC functions prior to calling the function
strncpy. By sending a specially crafted packet it is possible
to overflow a stack buffer.

The second vulnerability involves the handler given as an argument
for most RPC functions. The service does the check that the handler
is valid. By sending a specially crafted handler to those functions,
it is possible to redirect the execution flow.

An unauthenticated, remote attacker may be able to leverage these issues
to crash or disable the service or to execute arbitrary code on the
affected host with SYSTEM privileges.

See also :

https://www.tenable.com/security/research/tra-2007-02
http://www.nessus.org/u?9c6c1e90
https://www.zerodayinitiative.com/advisories/ZDI-07-022.html

Solution :

Apply the appropriate patch as described in the vendor advisory
referenced above.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 25086 (arcserve_qo87569.nasl)

Bugtraq ID: 23209
23635

CVE ID: CVE-2007-1785
CVE-2007-2139

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now