項目 |
|
攻撃 |
リモート |
攻撃ポート |
41524 |
対象OS |
Unix/Windows |
CVE |
CVE-2005-0260 |
MS |
|
PAM |
|
BrightStor Discovery service buffer overflow (BrightStor_Discovery_UDP_Overflow)
About this signature or vulnerability
RealSecure Server Sensor, RealSecure Network Sensor:
This signature detects a specially-crafted overflow request to port 41524/UDP.
Default risk level
High
Sensors that have this signature
RealSecure Server Sensor: XPU 24.31, RealSecure Network Sensor: XPU 24.31
Systems affected
Windows: 95, Windows: 98, Windows NT: 4.0, Windows: 98 Second Edition, Windows 2000: Any version, Windows: XP, Windows: Me, BrightStor ARCserve Backup for Windows: r11.1, BrightStor Enterprise Backup: 10.5, BrightStor ARCserve for NetWare: r11.1, BrightStor ARCserve Backup for Windows: 2000 Japanese, BrightStor ARCserve Backup for Windows: r11.0, BrightStor Enterprise Backup for Window: v10.0, BrightStor ARCserve Backup for Windows: v9.0, BrightStor ARCserve Backup-Win(64 bit): r11.1, BrightStor ARCserve Backup-Win(64 bit): r11.0, BrightStor Enterprise Backup-Win(64 bit: v10.5, BrightStor ARCserve for NetWare: v9, Windows 2003: Any version
Type
Unauthorized Access Attempt
Vulnerability description
BrightStor ARCserve Backup, BrightStor Enterprise Backup and BrightStor ARCserve 2000 are vulnerable to a buffer overflow, caused by improper bounds checking in the Discovery service. A remote attacker could exploit this vulnerability to overflow a buffer and possibly cause a denial of service or execute arbitrary code on the system.
How to remove this vulnerability
For BrightStor ARCserve Backup v9.0, r11.0, and r11.1 for Windows:
Upgrade to the latest BrightStor ARCserve Backup for Windows, available from the BrightStor Web site. See References.
BrightStor Enterprise Backup version v10.0 and v10.5 for Windows:
Upgrade to the latest BrightStor Enterprise for Windows, available from the BrightStor Web site. See References.
BrightStor ARCserve Backup version r11.0 and r11.1 for Windows (64 Bit Edition):
Upgrade to the latest BrightStor ARCserve Backup for Windows, available from the BrightStor Web site. See References.
BrightStor Enterprise Backup v10.5 for Windows (64 Bit Edition):
Upgrade to the latest BrightStor Enterprise for Windows (64 Bit Edition), available from the BrightStor Web site. See References.
BrightStor ARCserve Backup v9.01 for Windows (64 Bit Edition):
Upgrade to the latest BrightStor Enterprise for Windows (64 Bit Edition), available from the BrightStor Web site. See References.
BrightStor ARCserve 2000 Backup for Windows (Japanese Only):
Upgrade to the latest BrightStor ARCserve 2000 Backup for Windows (Japanese), available from the BrightStor Web site. See References.
BrightStor ARCserve Backup v9 and r11.1 for NetWare:
Upgrade to the latest BrightStor ARCserve Backup for Netware, available from the BrightStor Web site. See References.
検証環境
優先度 |
OS |
IP |
Intruder: |
Windows2000 |
192.168.221.11 |
Victim: |
Windows2000 |
192.168.221.180 |
センサー |
ProvenitaM10 |
XPU1.70 |
実証コード
Supported Exploit Targets
=========================
0 cheyprod.dll 12/12/2003
msf cabrightstor_disco(win32_bind) > set TARGET 0
TARGET -> 0
msf cabrightstor_disco(win32_bind) > exploit
[*] Starting Bind Handler.
[*] Attempting to exploit target cheyprod.dll 12/12/2003
[*] Sending 4096 bytes to remote host.
[*] Exiting Bind Handler.
msf cabrightstor_disco(win32_bind) >
影響
リモートからのコマンドの実行が可能
トレース
イベント一覧
優先度 |
シグネチャ名 |
検知件数 |
High |
BrightStor_Discovery_UDP_Overflow |
1 |
イベント詳細