> -----Original Message-----
> From: advisories@xxxxxxxxx [mailto:advisories@xxxxxxxxx]
> Sent: Tuesday, November 21, 2006 5:07 AM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: LS-20061113 - CA BrightStor ARCserve Backup Remote
> Buffer Overflow Vulnerability
>
> LS-20061113
>
> LSsec has discovered a vulnerability in
> Computer Associates BrightStor ARCserve
> Backup v11.5, which could be exploited by
> an anonymous attacker in order to execute
> arbitrary code with SYSTEM privileges on
> an affected system.
>
> The flaw specifically exists within the
> Tape Engine (tapeeng.exe) due to incorrect
> handling of RPC requests on TCP port 6502.
>
> For technical details please visit:
>
> http://www.lssec.com/charity.html
>
> LSsecurity - LSsec.com

LSsecurity,

Thanks for the report.

Bugtraq,

CA is already aware of this issue, and we are currently working on a solution. If you have questions or concerns, please send email to vuln AT ca DOT com.

Regards,
Ken

Ken Williams ; 0xE2941985
Director, CA Vulnerability Research