CA Products Code Execution and File Manipulation Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 21 May 2008 5294 Views

RISK: Medium Risk

Medium Risk

Multiple vulnerabilities have been identified in various CA products, which could be exploited by remote attackers to take complete control of an affected system.

1. Due to insufficient path verification by the logging service (caloggerd), which could allow a remote attacker to append data to arbitrary files via a directory traversal, leading to system compromise.

2. Due to buffer overflow errors in various "xdr" functions, which could be exploited by remote attackers to crash an affected application or execute arbitrary code.

Impact

  • Remote Code Execution

System / Technologies affected

  • CA ARCserve Backup r11.5 (formerly BrightStor ARCserve Backup r11.5)
  • CA ARCserve Backup r11.1 (formerly BrightStor ARCserve Backup r11.1)
  • CA ARCserve Backup r11.0 (formerly BrightStor ARCserve Backup r11.0)
  • CA Server Protection Suite r2
  • CA Business Protection Suite r2
  • CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
  • CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Debian/Ubuntu OpenSSL Random Number Generator Vulnerability

19 May 2008 5991 Views

Next

FileZilla GnuTLS Multiple Vulnerabilities

22 May 2008 5386 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY