.:[ packet storm ]:.
                               
plan for the worst

File Name: caarcserve-dos.txt
Description:
CA ARCserve Backup contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability occurs due to insufficient validation of certain RPC call parameters by the message engine service. An attacker can exploit a directory traversal vulnerability to execute arbitrary commands. The second vulnerability occurs due to insufficient validation by the tape engine service. An attacker can make a request that will crash the service. The third vulnerability occurs due to insufficient validation by the database engine service. An attacker can make a request that will crash the service. The fourth vulnerability occurs due to insufficient validation of authentication credentials. An attacker can make a request that will crash multiple services. Note that these issues only affect the base product.
Author: Ken Williams
Homepage: http://www3.ca.com/
File Size: 6325
Related CVE(s): CVE-2008-4397, CVE-2008-4398, CVE-2008-4399, CVE-2008-4400
Last Modified: Oct 9 18:54:03 2008
MD5 Checksum: 3d3a5ef9e28febb30c8e338d187c076a
