{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"BrightStor ARCserve Backup v9.01 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"BrightStor ARCserve Backup Client Agent r11.1 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"BrightStor ARCserve Backup Client Agent v9.01 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"BrightStor ARCserve Backup v10.5 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"BrightStor ARCserve Backup r11.0 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"BrightStor ARCserve Backup v10.0.","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"BrightStor ARCserve Backup r11.1 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nBrightStor ARCserve Backup est un serveur de sauvegarde. Il utilise un\nagent r\u00e9seau qui \u00e9coute par d\u00e9faut sur le port 6050 (TCP et UDP).\n\nUn utilisateur mal intentionn\u00e9 peut, par le biais d'un paquet TCP\nmalicieusement constitu\u00e9 envoy\u00e9 \u00e0 cet agent, ex\u00e9cuter du code arbitraire\n\u00e0 distance avec les droits de l'administrateur sur le serveur BrightStor\nARCserve Backup.\n\n## Contournement provisoire\n\nFiltrer le port 6050 (TCP et UDP) au niveau du pare-feu.\n\n## Solution\n\nAppliquer le correctif de Computer Associates (cf. Documentation).\n","cves":[],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Computer Associates du 08 avril 2005    pour BrightStor ARCserve Backup r10.0 pour Windows :","url":"http://supportconnect.ca.com/sc/solcenter/soldetail.jsp?aparno=QO66523&os=NT"},{"title":"Bulletin de s\u00e9curit\u00e9 Computer Associates du 08 avril 2005    pour BrightStor ARCserve Backup r11.0 pour Windows 64-Bit    Edition :","url":"http://supportconnect.ca.com/sc/solcenter/soldetail.jsp?aparno=QO66535&os=NT"},{"title":"Bulletin de s\u00e9curit\u00e9 Computer Associates du 08 avril 2005    pour BrightStor ARCserve Backup r10.5 pour Windows 64-Bit    Edition :","url":"http://supportconnect.ca.com/sc/solcenter/soldetail.jsp?aparno=QO66533&os=NT"},{"title":"Bulletin de s\u00e9curit\u00e9 Computer Associates du 08 avril 2005    pour BrightStor ARCserve Backup r10.5 pour Windows :","url":"http://supportconnect.ca.com/sc/solcenter/soldetail.jsp?aparno=QO66524&os=NT"},{"title":"Bulletin de s\u00e9curit\u00e9 Computer Associates du 08 avril 2005    pour BrightStor ARCserve Backup r9.01 pour Windows (versions    anglaises) :","url":"http://supportconnect.ca.com/sc/solcenter/soldetail.jsp?aparno=QO66528&os=NT"},{"title":"Bulletin de s\u00e9curit\u00e9 Computer Associates du 08 avril 2005    pour BrightStor ARCserve Backup r9.01 Client Agent pour Windows    (versions non-anglaises) :","url":"http://supportconnect.ca.com/sc/solcenter/soldetail.jsp?aparno=QO66531&os=NT"},{"title":"Bulletin de s\u00e9curit\u00e9 Computer Associates du 08 avril 2005    pour BrightStor ARCserve Backup r11.0 pour Windows :","url":"http://supportconnect.ca.com/sc/solcenter/soldetail.jsp?aparno=QO66525&os=NT"},{"title":"Bulletin de s\u00e9curit\u00e9 Computer Associates du 08 avril 2005    pour BrightStor ARCserve Backup r9.01 pour Windows (versions    non-anglaises) :","url":"http://supportconnect.ca.com/sc/solcenter/soldetail.jsp?aparno=QO66529&os=NT"},{"title":"Bulletin de s\u00e9curit\u00e9 Computer Associates du 08 avril 2005    pour BrightStor ARCserve Backup r11.1 pour Window64-Bit Edition    :","url":"http://supportconnect.ca.com/sc/solcenter/soldetail.jsp?aparno=QO66534&os=NT"},{"title":"Bulletin de s\u00e9curit\u00e9 Computer Associates du 11 avril 2005 :","url":"http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32727"},{"title":"Bulletin de s\u00e9curit\u00e9 Computer Associates du 08 avril 2005    pour BrightStor ARCserve Backup r9.01 pour Windows 64-Bit    Edition :","url":"http://supportconnect.ca.com/sc/solcenter/soldetail.jsp?aparno=QO66536&os=NT"},{"title":"Bulletin de s\u00e9curit\u00e9 Computer Associates du 08 avril 2005    pour BrightStor ARCserve Backup r11.Client Agent 1 pour Windows    :","url":"http://supportconnect.ca.com/sc/solcenter/soldetail.jsp?aparno=QO66527&os=NT"},{"title":"Bulletin de s\u00e9curit\u00e9 Computer Associates du 08 avril 2005    pour BrightStor ARCserve Backup r9.01 Client Agent pour Windows    (versions anglaises) :","url":"http://supportconnect.ca.com/sc/solcenter/soldetail.jsp?aparno=QO66530&os=NT"},{"title":"Bulletin de s\u00e9curit\u00e9 Computer Associates du 08 avril 2005    pour BrightStor ARCserve Backup r11.1 pour Windows :","url":"http://supportconnect.ca.com/sc/solcenter/soldetail.jsp?aparno=QO66526&os=NT"}],"reference":"CERTA-2005-AVI-143","revisions":[{"description":"version initiale.","revision_date":"2005-04-14T00:00:00.000000"},{"description":"ajout de la r\u00e9f\u00e9rence CVE et de l'avis de Computer Associates.","revision_date":"2005-04-15T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"Une vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire dans BrightStor\nARCserve Backup UniversalAgent permet l'ex\u00e9cution de code arbitraire \u00e0\ndistance.\n","title":"Vuln\u00e9rabilit\u00e9 dans BrightStor ARCserve","vendor_advisories":[{"published_at":null,"title":"Bulletins de s\u00e9curit\u00e9 Computer Associates du 08 avril 2005","url":null}]}