BrightStor ARCserve Backup可为各种平台的服务器提供备份和恢复保护功能。 Brightstor ARCserve的mediasvr.exe服务在处理特制RPC请求时存在两个栈溢出漏洞,远程攻击者可能利用此漏洞控制服务器。 在SUNRPC接口上用户定义的长度被拷贝到了几个strncpy()的静态大小栈缓冲区上,因此攻击者可以通过发送特制报文触发这些溢出,导致以在有漏洞的系统上执行任意代码。 Computer Associates BrightStor ARCserve Backup r11.0 for Windows Computer Associates BrightStor ARCserve Backup R11 Computer Associates BrightStor ARCserve Backup 9.01 Computer Associates BrightStor ARCserve Backup 11.5 Computer Associates BrightStor Enterprise Backup 10.5 Computer Associates Server Protection r2 Computer Associates Business Protection r2 Computer Associates Business Protection for Microsoft SBS Std Ed r2 Computer Associates Business Protection for Microsoft SBS Pre ed r2 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84985" target="_blank">https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84985</a> <a...
BrightStor ARCserve Backup可为各种平台的服务器提供备份和恢复保护功能。 Brightstor ARCserve的mediasvr.exe服务在处理特制RPC请求时存在两个栈溢出漏洞,远程攻击者可能利用此漏洞控制服务器。 在SUNRPC接口上用户定义的长度被拷贝到了几个strncpy()的静态大小栈缓冲区上,因此攻击者可以通过发送特制报文触发这些溢出,导致以在有漏洞的系统上执行任意代码。 Computer Associates BrightStor ARCserve Backup r11.0 for Windows Computer Associates BrightStor ARCserve Backup R11 Computer Associates BrightStor ARCserve Backup 9.01 Computer Associates BrightStor ARCserve Backup 11.5 Computer Associates BrightStor Enterprise Backup 10.5 Computer Associates Server Protection r2 Computer Associates Business Protection r2 Computer Associates Business Protection for Microsoft SBS Std Ed r2 Computer Associates Business Protection for Microsoft SBS Pre ed r2 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84985" target="_blank">https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84985</a> <a href="https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84986" target="_blank">https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84986</a> <a href="https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QI82917" target="_blank">https://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QI82917</a>
