CVE-2006-5143

Name of the Vulnerable Software and Affected Versions CA BrightStor ARCserve Backup versions r11.5 SP1 and earlier CA BrightStor ARCserve Backup version r11.1 CA BrightStor ARCserve Backup version 9.01 CA BrightStor ARCserve Backup for Windows version r11 CA BrightStor Enterprise Backup version 10.5 CA Server Protection Suite version r2 CA Business Protection Suite version r2

Description The issue allows remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18. Additionally, it can be exploited through invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe), a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe), or unspecified vectors related to the Job Engine Service.

Recommendations For CA BrightStor ARCserve Backup versions r11.5 SP1 and earlier, update to a version later than r11.5 SP1. For CA BrightStor ARCserve Backup version r11.1, update to a version later than r11.1. For CA BrightStor ARCserve Backup version 9.01, update to a version later than 9.01. For CA BrightStor ARCserve Backup for Windows version r11, update to a version later than r11. For CA BrightStor Enterprise Backup version 10.5, update to a version later than 10.5. For CA Server Protection Suite version r2, update to a version later than r2. For CA Business Protection Suite version r2, update to a version later than r2. As a temporary workaround, consider restricting access to the Backup Agent RPC Server (DBASVR.exe) on TCP port 6071, the Message Engine RPC Server (msgeng.exe) on TCP port 6503, and the Discovery Service (casdscsvc.exe) on TCP port 41523 until a patch is available.