Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Brightstor_enterprise_backup | Broadcom | 10.0 (including) | 10.0 (including) |
| Brightstor_enterprise_backup | Broadcom | 10.5 (including) | 10.5 (including) |
| Brightstor_arcserve_backup | Ca | 9.0.1 (including) | 9.0.1 (including) |
| Brightstor_arcserve_backup | Ca | 9.0_1 (including) | 9.0_1 (including) |
| Brightstor_arcserve_backup | Ca | 11.0 (including) | 11.0 (including) |
| Brightstor_arcserve_backup | Ca | 11.1 (including) | 11.1 (including) |
| Brightstor_arcserve_backup_agent | Ca | 9.0.1 (including) | 9.0.1 (including) |
| Brightstor_arcserve_backup_agent | Ca | 11 (including) | 11 (including) |
| Brightstor_arcserve_backup_agent | Ca | 11.0 (including) | 11.0 (including) |
| Brightstor_arcserve_backup_agent | Ca | 11.1 (including) | 11.1 (including) |
| Brightstor_enterprise_backup_agent | Ca | 10.0 (including) | 10.0 (including) |
| Brightstor_enterprise_backup_agent | Ca | 10.5 (including) | 10.5 (including) |
References
- http://www.idefense.com/application/poi/display?id=287\u0026type=vulnerabilities\u0026flashstatus=true
- http://www.kb.cert.org/vuls/id/279774
- http://www.securityfocus.com/bid/14453
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33239
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21656
- http://www.idefense.com/application/poi/display?id=287\u0026type=vulnerabilities\u0026flashstatus=true
- http://www.kb.cert.org/vuls/id/279774
- http://www.securityfocus.com/bid/14453
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33239
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21656