CA BrightStor ARCserve Backup Agent Protection
|Category:||Remote Code Execution|
|Vulnerable Systems:||BrightStor ARCserve Backup (BAB) r11.1 Windows
BrightStor ARCserve Backup 11 for Windows
BrightStor ARCserve Backup 9.0 Windows
BrightStor ARCserve Backup r11.1 (64-bit) for Windows
BrightStor ARCserve Backup r11.1 Client Agent for Windows
BrightStor ARCserve Backup Release 11 (64-bit) for Windows
BrightStor ARCserve Backup v9.01 Client Agent for Windows
BrightStor ARCserve Backup v9.01 Client Agent for Windows Non-English
BrightStor ARCserve Backup v9.01 for Windows (64bit edition)
BrightStor ARCserve Backup v9.01 for Windows Non-English
BrightStor Enterprise Backup 10.0
BrightStor Enterprise Backup 10.5
BrightStor Enterprise Backup v10.5 for Windows (64bit edition)
|Description:||Computer Associates BrightStor ARCserve Backup provides backup and recovery protection through Backup Agents for Windows server systems, Linux, Mac OS X and UNIX client environments. A vulnerability in the Backup Agent for Microsoft SQL Server allows a remote attacker either to crash the Agent or to execute arbitrary code on the system running the vulnerable Backup Agent.
The vulnerability exists specifically within the BrightStor ARCserve Backup Agent for SQL. By default, the Agent listens on port 6070/TCP. This Agent is a component of the BrightStor ARCserve Backup system that handles backups of Microsoft SQL Server data. When an overly long string (over 3168 bytes) is sent to the default port, a buffer overflow occurs.
|Attack Detection:||Users of VPN-1 NGX R60 who have applied the solution outlined below will identify the attack by the following log entries:
Attack Name: CA BrightStor MS-SQL Agent Protection Violation
Users of VPN-1 NGX R60 should update their SmartDefense by clicking Online Update in the SmartDashboard General window.
|Additional Information:||This Update also includes:
- Microsoft Color Management Module Protection (CPAI-2005-124)
- Remote Desktop Protocol (RDP) Protection (CPAI-2005-126)
- DirectConnect Peer to Peer Protocol Protection (CPAI-2005-127)
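
An added example, not part of the original advisory or of SmartDefense: on a typical 1500-byte-MTU link a string of more than 3168 bytes is split across several TCP segments, so a per-packet length check cannot see it. This Python code counts unique client bytes per connection to port 6070/TCP, ignoring retransmissions. Assumptions: the record layout, function names and sample addresses are constructed here, and because the advisory does not describe the Agent's message framing, all client data on a connection is treated as one string, which makes this a coarse triage filter.

```python
from collections import defaultdict

AGENT_PORT = 6070        # default Agent listening port (from the advisory)
MAX_SAFE_BYTES = 3168    # strings longer than this trigger the overflow (from the advisory)

def unique_bytes(ranges):
    """Count bytes covered by (start, end) sequence ranges; overlapping or
    retransmitted ranges are counted once."""
    total, covered_to = 0, None
    for start, end in sorted(ranges):
        if covered_to is None or start > covered_to:
            total += end - start
            covered_to = end
        elif end > covered_to:
            total += end - covered_to
            covered_to = end
    return total

def oversized_flows(segments, port=AGENT_PORT, limit=MAX_SAFE_BYTES):
    """Return {flow: byte_count} for client-to-Agent flows carrying more than `limit` bytes.
    `segments` holds dicts with src, sport, dst, dport, seq, length (a hypothetical
    layout; map your capture tool's export onto it). Sequence wraparound is ignored."""
    flows = defaultdict(list)
    for s in segments:
        if s["dport"] == port and s["length"] > 0:
            key = (s["src"], s["sport"], s["dst"], s["dport"])
            flows[key].append((s["seq"], s["seq"] + s["length"]))
    counts = {k: unique_bytes(v) for k, v in flows.items()}
    return {k: n for k, n in counts.items() if n > limit}

# Constructed sample data (documentation address ranges, not real traffic).
def seg(src, sport, seq, length, dport=AGENT_PORT):
    return {"src": src, "sport": sport, "dst": "192.0.2.10", "dport": dport, "seq": seq, "length": length}

SAMPLE = [
    # Flow A: three 1460-byte segments, 4380 bytes in total, none over the limit alone.
    seg("198.51.100.7", 40001, 1000, 1460), seg("198.51.100.7", 40001, 2460, 1460),
    seg("198.51.100.7", 40001, 3920, 1460),
    # Flow B: 3000 bytes with one segment retransmitted; stays under the limit.
    seg("198.51.100.8", 40002, 500, 1500), seg("198.51.100.8", 40002, 2000, 1500),
    seg("198.51.100.8", 40002, 2000, 1500),
    # Flow C: large payload to a different port, out of scope for this check.
    seg("198.51.100.9", 40003, 1, 5000, dport=1433),
]

if __name__ == "__main__":
    for flow, n in oversized_flows(SAMPLE).items():
        print(f"ALERT {flow[0]}:{flow[1]} -> {flow[2]}:{flow[3]} sent {n} bytes (> {MAX_SAFE_BYTES})")
```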