Information Security


Multiple security vulnerabilities in CA BrightStor ARCserve Backup
Published: May 20, 2008
Source:
SecurityVulns ID: 9009
Type: remote
Severity: 7/10
Description: Directory traversal in caloggerd. Buffer overflows in multiple xdr functions.
Affected products: CA : Brightstor ARCserve Backup 11.1
 CA : Brightstor ARCserve Backup 11.0
 CA : Brightstor ARCserve Backup 11.5
 CA : CA Server Protection Suite 2
CVE: CVE-2008-2242 (Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function.)
 CVE-2008-2241 (Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.)
Original text: ZDI, ZDI-08-026: CA BrightStor ARCserve Backup Remote Buffer Overflow (20.05.2008)
 CA, CA ARCserve Backup caloggerd and xdr Functions Vulnerabilities (20.05.2008)
 ZDI, ZDI-08-027: CA BrightStor ARCserve Backup Arbitrary File Writing Vulnerability (20.05.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod