Computer Security
[EN] securityvulns.ru no-pyccku


CA ARCserve Backup multiple security vulnerabilities
updated since 12.10.2008
Published:15.10.2008
Source:
SecurityVulns ID:9352
Type:remote
Threat Level:
7/10
Description:Code execution, multiple DoS conditions.
Affected:CA : CA Server Protection Suite 2
 CA : CA Business Protection Suite 2
 CA : ARCserve Backup 11.1
 CA : ARCserve Backup 11.5
 CA : ARCserve Backup 12.0
CVE:CVE-2008-4400 (Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation.")
 CVE-2008-4399 (Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation.")
 CVE-2008-4398 (Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request.)
 CVE-2008-4397 (Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.)
Original documentdocumentVR-Subscription-noreply_(at)_assurent.com, [Full-disclosure] Assurent VR - CA ARCserve Backup DB Engine Denial of Service (15.10.2008)
 documentVR-Subscription-noreply_(at)_assurent.com, [Full-disclosure] Assurent VR - CA ARCserve Backup Tape Engine Denial of Service (15.10.2008)
 documentcocoruder, CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability (14.10.2008)
 documentCA, CA ARCserve Backup Multiple Vulnerabilities (12.10.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod