Added: 10/19/2006
CVE: CVE-2006-5143
BID: 20365
OSVDB: 29534
The BrightStor ARCserve Backup server includes a discovery service which listens on ports 41523/TCP and 41524/UDP.
A buffer overflow vulnerability in the **ASBRDCST.DLL** library allows remote attackers to execute arbitrary commands by sending a specially crafted TCP packet to the discovery service.
Apply the update referenced in Computer Associates’ Security Notice.
<http://www.zerodayinitiative.com/advisories/ZDI-06-030.html>
Exploit works on BrightStor ARCserve Backup 11.1 SP2.
Windows 2000
Windows Server 2003