Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5415

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-5415
Last Modified 07 Mar 2011 12:00:00
Published 11 Dec 2008 10:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5415

Summary

The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure.

Vulnerable Systems

Application

  • Ca Arcserve Backup R11.1

  • Ca Arcserve Backup R11.5

  • Ca Arcserve Backup R12.0


References

CONFIRM - https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=194293

VUPEN - ADV-2008-3404

BID - 32764

BUGTRAQ - 20081211 Secunia Research: CA ARCserve Backup RPC

BUGTRAQ - 20081210 CA ARCserve Backup LDBserver Vulnerability

SREASON - 4708

MISC - http://secunia.com/secunia_research/2007-82/

SECUNIA - 27299

OSVDB - 50683

CONFIRM - http://community.ca.com/blogs/casecurityresponseblog/archive/2008/12/10.aspx

BUGTRAQ - 20081211 Secunia Research: CA ARCserve Backup RPC "handle_t" Argument Vulnerability


Last Updated: 27 May 2016 10:49:57