安全研究
安全漏洞
CA BrightStor ARCserve/Enterprise发现服务SERVICEPC远程缓冲区溢出漏洞
发布日期:2005-02-09
更新日期:2005-02-21
受影响系统:
Computer Associates BrightStor ARCserve Backup v11 (Win32)描述:
BUGTRAQ ID: 12536
CVE(CAN) ID: CVE-2005-2535
Computer Associates BrightStor ARCserve/Enterprise是多平台下的备份和恢复保护系统。
Computer Associates BrightStor ARCserve Backup发现服务存在一个缓冲区溢出,远程攻击者可以利用这个漏洞进行缓冲区溢出攻击,可能以进程权限在系统上执行任意指令。
ARCserve Backup软件在处理请求时盲目地拷贝来自网络上的数据,远程攻击者可以通过发送超长的数据导致缓冲区溢出。
<*来源:cybertronic (cybertronic@gmx.net)
链接:http://archives.neohapsis.com/archives/bugtraq/2005-02/0123.html
*>
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 部署防火墙,访问控制列表或其他TCP/UDP限制机制,限制不可信网络对于TCP/41523端口的访问.
厂商补丁:
Computer Associates
-------------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Computer Associates BrightStor ARCServe Backup for NetWare 9.0:
Computer Associates Patch QO64541
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64541&startsearch=1
Computer Associates BrightStor ARCServe Backup for Windows 9.0.1:
Computer Associates Patch QO64542
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64542&startsearch=1
Computer Associates BrightStor Enterprise Backup 10.0:
Computer Associates Patch QO64544
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64544&startsearch=1
Computer Associates BrightStor Enterprise Backup 10.5:
Computer Associates Patch QO64540
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64540&startsearch=1
Computer Associates BrightStor ARCServe Backup for Windows 11.0:
Computer Associates Patch QO64539
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64539&startsearch=1
Computer Associates BrightStor ARCServe Backup for Windows 11.1:
Computer Associates Patch QO64496
http://supportconnect.ca.com/sc/solcenter/sol_detail.jsp?aparno=QO64496&os=NT&returninput=0
Computer Associates BrightStor ARCServe Backup for Windows 64 bit 11.1:
Computer Associates Patch QO64496
http://supportconnect.ca.com/sc/solcenter/sol_detail.jsp?aparno=QO64496&os=NT&returninput=0
Computer Associates BrightStor ARCServe Backup for NetWare 11.1:
Computer Associates Patch QO64543
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO64543&startsearch=1
浏览次数:2841
严重程度:10(网友投票)
绿盟科技给您安全的保障