发布日期：2005-08-03
更新日期：2005-08-03

受影响系统：

Computer Associates BrightStor ARCserve Backup v9.01 for Windows
Computer Associates BrightStor ARCserve Backup r11.1 for Windows
Computer Associates BrightStor ARCserve Backup r11.0 for Windows
Computer Associates BrightStor Enterprise Backup 10.5 for Windows
Computer Associates BrightStor Enterprise Backup 10 for Windows

描述：

---

BUGTRAQ  ID: 14453
CVE(CAN) ID: CVE-2005-1272

BrightStor ARCserve Backup可为各种平台的服务器提供备份和恢复保护功能。

BrightStor ARCserve Backup和BrightStor Enterprise Backup Agents for Windows中存在栈溢出漏洞，可能允许远程攻击者以系统权限执行任意代码或导致拒绝服务。

溢出的起因是没有对发送给6070端口的数据执行正确的边界检查。

<*来源：Williams, James K （james.williams@ca.com）
  
  链接：http://marc.theaimsgroup.com/?l=bugtraq&m=112301005230717&w=2
*>

建议：

---

厂商补丁：

Computer Associates
-------------------
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

BrightStor ARCserve Backup r11.1 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70767&startsearch=1

BrightStor ARCserve Backup r11.0 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70769&startsearch=1

BrightStor ARCserve Backup v9.01 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70770&startsearch=1

BrightStor Enterprise Backup v10.5 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70774&startsearch=1

BrightStor Enterprise Backup v10.0 for Windows:
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO70773&startsearch=1

浏览次数：2701
严重程度：0（网友投票）