Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4397

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-4397
Last Modified 07 Mar 2011 10:12:23
Published 14 Oct 2008 05:10:35
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4397

Summary

Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.

Vulnerable Systems

Application

  • Ca Arcserve Backup R11.1

  • Ca Arcserve Backup R11.5

  • Ca Arcserve Backup R12.0

  • Ca Business Protection Suite R2

  • Ca Server Protection Suite R2


References

CONFIRM - https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143

XF - ca-arcservebackup-message-command-execution(45774)

VUPEN - ADV-2008-2777

SECTRACK - 1021032

BID - 31684

BUGTRAQ - 20081011 CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability

BUGTRAQ - 20081009 CA ARCserve Backup Multiple Vulnerabilities

SREASON - 4412

SECUNIA - 32220


Last Updated: 27 May 2016 10:48:28