Re: BrightStor ARCserve Backup buffer overflow PoC

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: BrightStor ARCserve Backup buffer overflow PoC
From: H D Moore <sflist@xxxxxxxxxxxxxxxxxx>
Date: Fri, 11 Feb 2005 17:49:22 -0600
In-reply-to: <20050211181923.27031.qmail@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20050211181923.27031.qmail@xxxxxxxxxxxxxxxxxxxxx>
User-agent: KMail/1.7

Is this for the same flaw detailed at the URL below? The iDefense bug 
seems to be in the UDP service, but this affects the TCP service...

 http://www.idefense.com/application/poi/display?id=194&type=vulnerabilities

We just posted an exploit for the UDP overflow (thanks Syscall) to the 
metasploit.com web site, it does not seem like the same vulnerability:

 http://metasploit.com/projects/Framework/exploits.html#cabrightstor_disco

-HD

On Friday 11 February 2005 12:19, cybertronic@xxxxxxx wrote:
> //cybertronic@xxxxxxx
>
> #define PORT 41523

References:
- BrightStor ARCserve Backup buffer overflow PoC
  - From: cybertronic

Prev by Date: exim auth_spa_server() PoC exploit
Next by Date: [CLA-2005:924] Conectiva Security Announcement - XFree86
Previous by thread: BrightStor ARCserve Backup buffer overflow PoC
Next by thread: Re: BrightStor ARCserve Backup buffer overflow PoC
Index(es):
- Date
- Thread