CA BrightStor ARCserve Backup Discovery Service Overflow
Severity: High
Nessus Plugin ID: 23841
Synopsis
The remote service is affected by a buffer overflow vulnerability.
Description
According to its version, the installation of BrightStor ARCserve Backup on the remote host allows an attacker to execute arbitrary code on the affected host with SYSTEM privileges due to a buffer overflow that can be triggered by a specially crafted packet sent to the Discovery Service.
Note that the vendor reports only Windows installs are vulnerable.
Solution
Either apply the appropriate patch as described in the vendor advisory referenced above or upgrade to BrightStor ARCserve Backup r11.5 SP2 or later.