CVE-2005-0260
Published 2005-05-02
Priority: P2 64, critical, 10 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 69.73% (99.3th percentile)
Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| broadcom | arcserve_backup_2000 | — | — |
| broadcom | brightstor_arcserve_backup | — | — |
| broadcom | brightstor_arcserve_backup | — | — |
| broadcom | brightstor_arcserve_backup | — | — |
| broadcom | brightstor_arcserve_backup | — | — |
| broadcom | brightstor_arcserve_backup | — | — |
| broadcom | brightstor_arcserve_backup_hp | — | — |
| broadcom | brightstor_enterprise_backup | — | — |
| broadcom | brightstor_enterprise_backup | — | — |
| broadcom | brightstor_enterprise_backup | — | — |
Detection & IOCs (extracted from sources)
- Alert on large UDP packets (>968 bytes) sent to port 41524 targeting the BrightStor ARCserve Discovery Service; the exploit sends a 4096-byte buffer to trigger the overflow.
- The exploit offsets the return address at byte 968 or 970 within the UDP payload; inspect UDP/41524 traffic for payloads with non-ASCII or high-entropy data at those offsets.
- The payload is placed at offset 1046 within the 4096-byte UDP buffer; null bytes (0x00) are absent from the payload due to bad-char filtering, so look for large UDP/41524 datagrams with no null bytes.
- The Metasploit module requires a StackAdjustment of -3500, indicating the shellcode executes in a stack context significantly below the overflow point; this may affect reliability of generic stack-pivot detections.
GHSA
CVE-2005-0260 [HIGH] GHSA-x8m6-fw59-xcw9: Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11
ghsa_unreviewed · 2022-05-01
Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call.
GHSA
CVE-2005-2535 [CRITICAL] GHSA-hj9p-hf3x-56rg: Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9
ghsa_unreviewed · 2022-05-01 · CVSS 10.0
Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9.0 through 11.1 allows remote attackers to execute arbitrary commands via a large packet to TCP port 41523, a different vulnerability than CVE-2005-0260.
No detection rules found.
Exploit-DB
CVE-2005-0260: CA BrightStor Discovery Service - Remote Stack Buffer Overflow (Metasploit)
exploitdb · 2010-05-09
---
##
# $Id: discovery_udp.rb 9263 2010-05-09 17:52:51Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'CA BrightStor Discovery Service Stack Buffer Overflow',
'Description' => %q{
This module exploits a vulnerability in the CA BrightStor
Discovery Service. This vulnerability occurs when a large
request is sent to UDP port 41524, triggering a stack buffer
overflow.
},
'Author' => [ 'hdm', 'patrick' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 9263
Exploit-DB
CVE-2005-1396: ARPUS/Ce - Local File Overwrite (setuid)
exploitdb · 2005-05-01
---
/*
* Copyright Kevin Finisterre - ripped from my perl_ex.c
*
* ** DISCLAIMER ** I am in no way responsible for your stupidity.
* ** DISCLAIMER ** I am in no way liable for any damages caused by compilation and or execution of this code.
*
* ** WARNING ** DO NOT RUN THIS UNLESS YOU KNOW WHAT YOU ARE DOING ***
* ** WARNING ** overwriting /etc/ld.so.preload can severely fuck up your box (or someone else's).
* ** WARNING ** have a boot disk ready in case something goes wrong.
*
* Setuid ARPUS/ce exploit by KF - kf_lists[at]digitalmunition[dot]com - 4/21/05
*
* kfinisterre@kfinisterre01:~$ ls -al /usr/bin/ce
* -rwsr-xr-x 1 root bin 630010 Sep 27 2004 /usr/bin/ce
*
* Tested against http://168.158.26.15/ce/ce-0260-intel-pentium-linux-fedoracore3.tar.gz
Metasploit
CA BrightStor Discovery Service Stack Buffer Overflow
metasploit
This module exploits a vulnerability in the CA BrightStor Discovery Service. This vulnerability occurs when a large request is sent to UDP port 41524, triggering a stack buffer overflow.
No writeups or analysis indexed.
References
- http://secunia.com/advisories/14183
- http://securitytracker.com/id?1013138
- http://supportconnectw.ca.com/public/enews/BrightStor/brigcurrent.asp#news1
- http://www.idefense.com/application/poi/display?id=194&type=vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19251