> Subject: BrightStor ARCserve Backup buffer overflow PoC
> From: <cybertronic () gmx ! net>
> Date: 2005-02-11 18:19:23
> Message-ID: <20050211181923.27031.qmail () www ! securityfocus ! com>
>
> //cybertronic@xxxxxxx
>
> #include <stdio.h>
> [...snip...]

> To: BugTraq
> Subject: Re: BrightStor ARCserve Backup buffer overflow PoC
> Date: Feb 13 2005 3:08AM
> Author: H D Moore <sflist digitaloffense net>
> Message-ID: <200502122108.56300.sflist@xxxxxxxxxxxxxxxxxx>
> In-Reply-To: <20050211181923.27031.qmail@xxxxxxxxxxxxxxxxxxxxx>
>
> Cybertronic has confirmed that this is not the same vulnerability as the
> UDP overflow and that it is not addressed by any available patch from CA.
>
> A module for the Metasploit Framework is available from metasploit.com:
>
> http://metasploit.com/projects/Framework/exploits.html#cabrightstor_disco_servicepc
>
> -HD

Cybertronic,

Thanks for the information. We are currently looking into the issue.

HD,

Thanks for the additional info and follow-up.

Bugtraq community,

Please note that vulnerability issues associated with CA products (or any other product) can be submitted by email to vuln@xxxxxx, or on our web site at http://www3.ca.com/securityadvisor/vulninfo/submit.aspx. Please send an email to vuln@xxxxxx if you need to communicate in a more secure fashion, or need to communicate via phone or snail mail.

Regards,
Ken Williams

Ken Williams, Director, Research ; 0xE2941985
Computer Associates ; james.williams@xxxxxx
A9F9 44A6 B421 FF7D 4000 E6A9 7925 91DF E294 1985