Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2007-5005
Last Modified: 05 Sep 2008 05:29:38
Published: 01 Oct 2007 04:17:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-5005

Summary

Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command.

Vulnerable Systems

Application

  • CA BrightStor ARCserve Backup Laptops Desktops 11.0
  • CA BrightStor ARCserve Backup Laptops Desktops 11.1
  • CA BrightStor ARCserve Backup Laptops Desktops 11.5
  • CA BrightStor ARCserve Backup Laptops Desktops 4.0
  • CA Desktop Management Suite 11.0
  • CA Desktop Management Suite 11.1
  • CA Desktop Management Suite 11.2
  • CA Protection Suites R2

References

CONFIRM - http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35676

CONFIRM - http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006

CONFIRM - http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp

SECUNIA - 25606

SECTRACK - 1018728

BID - 24348

EEYE - 20070920 Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops

BUGTRAQ - 20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities


Last Updated: 27 May 2016 10:46:02