Computer Associates ARCserve Backup 'xdr' Function Remote Vulnerability
Severity: MEDIUM
CVE Identifier: CVE-2008-2242
Advisory Date: JUL 21, 2015
DESCRIPTION
There exists a buffer overflow vulnerability in CA BrightStor ARCserve Backup. The vulnerability is due to insufficient boundary checks in the xdr_rwsstring() library function. A remote unauthenticated attacker may exploit this vulnerability by sending a long parameter using this function into a daemon to process strings. Successful exploitation of this vulnerability can lead to arbitrary code execution on the vulnerable system in the context of the affected application.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1002523
Trend Micro Deep Security DPI Rule Name: 1002523 - CA BrightStor ARCserve Backup PortMapper Decoding
AFFECTED SOFTWARE AND VERSION
- BrightStor ARCserve Backup 11.x
- BrightStor ARCserve Backup 11.x (for Windows)
- CA Server Protection Suite r2