
Rule:

--
Sid:
3658

--
Summary:
This event is generated when an attempt is made to exploit a buffer
overflow associated with BrightStor ARCserve Backup Universal Agent
message processing.

--
Impact:
A successful attack can cause a buffer overflow and the subsequent
execution of arbitrary code with system level privileges on a
vulnerable server.

--
Detailed Information:
A vulnerability exists in the way that a the BrightStor ARCserve Backup
Universal Agent processes messages with overly long data.  The
Universal Agent software of the ARCserve Backup suite is used to push
backups from individual hosts to the server component. A message with a
combination of specific option types, length value ranges and overly
long data sent to a Universal Agent listener can cause a buffer
overflow and the subsequent execution of arbitrary code with system
level privileges on a vulnerable server.

--
Affected Systems:
  Computer Associates BrightStor ARCserver Backup 9.x - 11.1
  Computer Associates BrightStor Enterprise Backup 10.x

--
Attack Scenarios:
An attacker can craft a malformed message causing a buffer overflow.

--
Ease of Attack:
Simple.  Exploits are publicly available.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Upgrade to the most current non-affected version of the product.

--
Contributors:
Sourcefire Vulnerability Research Team
Judy Novak <judy.novak@sourcefire.com>

--
Additional References

iDefense:
http://www.idefense.com/application/poi/display?id=232&type=vulnerabili
ties

--
