CVE-2007-0672

Description

LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\.

Affected products

• Broadcom / brightstor_arcserve_backup_laptops_desktops11.0 – 11.0
• Broadcom / brightstor_arcserve_backup_laptops_desktops11.1 – 11.1
• Broadcom / brightstor_arcserve_backup_laptops_desktops11.1 – 11.1
• Broadcom / business_protection_suite2.0 – 2.0
• Broadcom / desktop_management_suite11.0 – 11.0
• Broadcom / desktop_management_suite11.1 – 11.1
• Broadcom / desktop_protection_suite2.0 – 2.0
• ca / business_protection_suite2.0 – 2.0
• ca / business_protection_suite2.0 – 2.0

References

• MISChttp://www.securityfocus.com/archive/1/458653/100/0/threaded
• MISChttp://www.securityfocus.com/bid/22339
• MISChttp://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp