Rule:

--
Sid:
3475

--
Summary:
This event is generated when an attempt is made to exploit a
buffer overflow associated with BrightStor ARCserve backup
client message processing.

--
Impact:
A successful attack can cause a buffer overflow and the
subsequent execution of arbitrary code with system level
privileges on a vulnerable server.

--
Detailed Information:
A vulnerability exists in the way that a the BrightStor ARCserve
discovery service processes client messages.  Client product
information messages and client slot information messages that contain
an overly long client name or client domain value can
cause the buffer overflow. The discovery service can listen on TCP port
41523 and UDP port 41524.

--
Affected Systems:
	Computer Associates BrightStor ARCserver Backup 9.x - 11.x

--
Attack Scenarios:
An attacker can craft a malformed message with a spoofed
client IP address, causing a buffer overflow.
--
Ease of Attack:
Simple.  Exploits are publicly available.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Upgrade to the most current non-affected version of the product.

--
Contributors:
Sourcefire Research Team
Judy Novak <judy.novak@sourcefire.com>

--
Additional References

--
