Vulnerability Note: VU#361792
Title: Computer Associates Discovery Service buffer overflow
Original Release Date: 2006-11-01
Last Revised: 2007-01-12

Overview

Multiple Computer Associates products contain a buffer overflow in the code that handles the Discovery Service protocol. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.

Description

The vulnerability affects Computer Associates BrightStor ARCserve Backup, BrightStor Enterprise Backup, CA Server Protection Suite, and CA Business Protection Suite software. It only affects products for the Microsoft Windows platform.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code with SYSTEM privileges.

Solution

Upgrade: Customers with vulnerable versions of the BrightStor ARCserve Backup products should upgrade to the latest versions.

Restrict Access: Block access to the vulnerable software from outside the network perimeter.

Vendor Information

Vulnerable: Computer Associates

CVSS Metrics

Group: Base, Temporal, Environmental

References

Multiple links to external advisories and advisories from various organizations.

Acknowledgements

Vulnerability reported by TippingPoint and the Zero Day Initiative. Credited LSsecurity.

Other Information

CVE ID: CVE-2006-5143
Severity Metric: 16.54
Date Public: 2006-10-05
Date First Published: 2006-11-01
Date Last Updated: 2007-01-12
Document Revision: 33