漏洞信息详情
CA BrightStor ARCserve Backup Tape Engine服务远程缓冲区错误漏洞
- CNNVD编号:CNNVD-200611-390 <!--
- 危害等级: 超危-->
- 危害等级: 超危
- CVE编号: CVE-2006-6076
- 漏洞类型: 其他
- 发布时间: 2006-11-24
- 威胁类型: 远程
- 更新时间: 2021-04-08
- 厂 商: ca
- 漏洞来源: LSsecurity
-
漏洞简介
BrightStor ARCserve Backup可为各种平台的服务器提供备份和恢复保护功能。
BrightStor ARCserver Backup的Tape Engine服务(tapeeng.exe)没有正确处理RPC请求,远程攻击者可以通过向该服务(默认端口6502/TCP)发送特制报文触发缓冲区溢出,导致执行任意代码。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34817
参考网址
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/452222/100/0/threaded
来源:CONFIRM
链接:http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317
来源:CONFIRM
链接:http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp
来源:CERT-VN
链接:http://www.kb.cert.org/vuls/id/437300
来源:SECUNIA
链接:http://secunia.com/advisories/24512
来源:SECTRACK
链接:http://securitytracker.com/id?1017268
来源:BID
链接:https://www.securityfocus.com/bid/21221
来源:FULLDISC
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050814.html
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/452318/100/0/threaded
来源:XF
链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/30453
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/456711
来源:CONFIRM
链接:http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34817
来源:FULLDISC
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050808.html
来源:SECUNIA
链接:http://secunia.com/advisories/23060
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2006/4654
受影响实体
- Ca Brightstor_arcserve_backup:11.5<!--2000-1-1-->
- Ca Brightstor_arcserve_backup_agent:11.1:Sql<!--2000-1-1-->
- Ca Brightstor_arcserve_backup_agent:11.0:Sql<!--2000-1-1-->
- Ca Brightstor_arcserve_backup:11:Windows<!--2000-1-1-->
- Ca Brightstor_arcserve_backup:11.5:Sp1<!--2000-1-1-->
补丁
- CA BrightStor ARCserve Backup Tape Engine服务远程缓冲区错误漏洞的修复措施<!--2006-11-24-->
还没有评论,来说两句吧...