CA ARCserve Backup multiple security vulnerabilities updated since 12.10.2008
Published:		15.10.2008
Source:		BUGTRAQ
SecurityVulns ID:		9352
Type:		remote
Level:		7/10
Description:		Code execution, multiple DoS conditions.

Affected:		CA : CA Server Protection Suite 2
		CA : CA Business Protection Suite 2
		CA : ARCserve Backup 11.1
		CA : ARCserve Backup 11.5
		CA : ARCserve Backup 12.0
CVE:		CVE-2008-4400 (Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation.")
		CVE-2008-4399 (Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation.")
		CVE-2008-4398 (Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request.)
		CVE-2008-4397 (Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.)

Original document		VR-Subscription-noreply_(at)_assurent.com, [Full-disclosure] Assurent VR - CA ARCserve Backup DB Engine Denial of Service (15.10.2008)
		VR-Subscription-noreply_(at)_assurent.com, [Full-disclosure] Assurent VR - CA ARCserve Backup Tape Engine Denial of Service (15.10.2008)
		cocoruder, CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability (14.10.2008)
		CA, CA ARCserve Backup Multiple Vulnerabilities (12.10.2008)

Discuss:

Read or add your comments to this news (0 comments)