CA BrightStor ARCserve Backup Multiple Vulnerabilities (QO87569)
Critical Nessus Plugin ID 25086
SynopsisThe remote software is affected by multiple vulnerabilities.
DescriptionAccording to its version, the installation of BrightStor ARCserve Backup on the remote host is affected by multiple vulnerabilities in the Mediasrv RPC service.
First, the service does not properly sanitize a string given as an argument to different RPC functions prior to calling the function strncpy. By sending a specially crafted packet it is possible to overflow a stack buffer.
The second vulnerability involves the handler given as an argument for most RPC functions. The service does the check that the handler is valid. By sending a specially crafted handler to those functions, it is possible to redirect the execution flow.
An unauthenticated, remote attacker may be able to leverage these issues to crash or disable the service or to execute arbitrary code on the affected host with SYSTEM privileges.
SolutionApply the appropriate patch as described in the vendor advisory referenced above.