Added: 12/08/2006
CVE: CVE-2006-6379
BID: 21502
OSVDB: 30775
The BrightStor ARCserve Backup server includes a discovery service which listens on ports 41523/TCP and 41524/UDP.
A buffer overflow vulnerability in the **ASBRDCST.DLL**
library allows remote attackers to execute arbitrary commands by sending a specially crafted command of type 9b to the discovery service.
Apply a fix from Computer Associates.
<http://supportconnectw.ca.com/public/storage/infodocs/babsecurity-notice.asp>
Exploit works on BrightStor ARCserve Backup 11.1 SP2.
Windows