CA BrightStor ARCserve Backup multiple security vulnerabilities
Published:		20.05.2008
Source:		BUGTRAQ
SecurityVulns ID:		9009
Type:		remote
Level:		7/10
Description:		caloggerd directory traversal. Buffer overflow in multiple xdr functions.

Affected:		CA : Brightstor ARCserve Backup 11.1
		CA : Brightstor ARCserve Backup 11.0
		CA : Brightstor ARCserve Backup 11.5
		CA : CA Server Protection Suite 2
CVE:		CVE-2008-2242 (Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function.)
		CVE-2008-2241 (Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.)

Original document		ZDI, ZDI-08-026: CA BrightStor ARCserve Backup Remote Buffer Overflow (20.05.2008)
		CA, CA ARCserve Backup caloggerd and xdr Functions Vulnerabilities (20.05.2008)
		ZDI, ZDI-08-027: CA BrightStor ARCserve Backup Arbitrary File Writing Vulnerability (20.05.2008)

Discuss:

Read or add your comments to this news (0 comments)