RE: BrightStor ARCserve Backup buffer overflow PoC (fixes available)

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: BrightStor ARCserve Backup buffer overflow PoC (fixes available)
From: "Williams, James K" <James.Williams@xxxxxx>
Date: Thu, 17 Feb 2005 16:03:51 -0500
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcUUiKlCxxZgzHACQNiZwOlVxanbCAAqtpXw
Thread-topic: BrightStor ARCserve Backup buffer overflow PoC (fixes available)

> Subject:    BrightStor ARCserve Backup buffer overflow PoC
> From:       <cybertronic () gmx ! net>
> Date:       2005-02-11 18:19:23
> Message-ID: <20050211181923.27031.qmail () www ! securityfocus ! com>
>
> //cybertronic@xxxxxxx
> 
> #include <stdio.h>
> [...snip...]


FYI - we have now posted fixes for several versions and platforms:
 
The 32 bit versions of the update have been posted, including the r11.1
repost.
 
BAB r11.1 Windows (repost):
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64538&;
startsearch=1
BAB r11.0 Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64539&;
startsearch=1
BEB 10.5 Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64540&;
startsearch=1
BAB 9.01 NetWare:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64541&;
startsearch=1
BAB 9.01 Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64542&;
startsearch=1
BAB r11.1 NetWare:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64543&;
startsearch=1
BEB 10.0 Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64544&;
startsearch=1

Please note any prerequisites.

Patches for additional versions and platforms (including 64 bit) will be
posted shortly.

Regards,
Ken Williams
                                                         
Ken Williams, Director, Research ; 0xE2941985
Computer Associates ; james.williams@xxxxxx 
A9F9 44A6 B421 FF7D 4000 E6A9 7925 91DF E294 1985

Prev by Date: Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.
Next by Date: [ SCL-2005.001 ] - WebCalendar: SQL Injection from encoded cookie
Previous by thread: Re: Dangers of discarding duplicated messages
Next by thread: [ SCL-2005.001 ] - WebCalendar: SQL Injection from encoded cookie
Index(es):
- Date
- Thread