Severity: Medium
  CVE Identifier(s): CVE-2008-2242
  Advisory Date: 21 July 2015

  Description

A buffer overflow vulnerability exists in CA BrightStor ARCserve Backup. The vulnerability is due to insufficient boundary checks in the xdr_rwsstring() library function. A remote unauthenticated attacker may exploit this vulnerability by sending a long parameter to a daemon that uses this function to process strings. Successful exploitation can lead to arbitrary code execution on the vulnerable system in the context of the affected application.
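The boundary check that this class of bug lacks, shown as an added example that is not CA's code and not part of the original advisory. It assumes the standard XDR string encoding from RFC 4506 (4-byte big-endian length, data, zero padding to a multiple of 4); the internals of xdr_rwsstring() are not given on this page, and the function name, return codes and sample bytes below are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { XDR_OK = 0, XDR_TRUNCATED = -1, XDR_TOO_LONG = -2 };

/* Constructed sample: XDR string "hello" (length 5, then 3 pad bytes). */
static const unsigned char sample_msg[] = {
    0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o', 0, 0, 0
};

/* Read a 4-byte big-endian unsigned integer (the XDR length prefix). */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Hypothetical bounded decoder: copy one XDR string from in[0..in_len)
 * into out[0..out_cap) with a NUL terminator. On success, *used receives
 * the number of input bytes consumed (prefix + data + padding).
 */
int xdr_string_decode_bounded(const unsigned char *in, size_t in_len,
                              char *out, size_t out_cap, size_t *used)
{
    size_t avail, padded;
    uint32_t n;

    if (in_len < 4)
        return XDR_TRUNCATED;
    n = be32(in);                 /* sender-controlled length */
    avail = in_len - 4;

    /* Reject lengths that do not fit the destination, before any copy. */
    if (out_cap == 0 || n > out_cap - 1)
        return XDR_TOO_LONG;
    /* Reject lengths that exceed the bytes actually received. */
    if (n > avail)
        return XDR_TRUNCATED;
    padded = ((size_t)n + 3u) & ~(size_t)3u;   /* round up to 4 bytes */
    if (padded > avail)
        return XDR_TRUNCATED;

    memcpy(out, in + 4, n);
    out[n] = '\0';
    *used = 4 + padded;
    return XDR_OK;
}
```

Both checks happen before memcpy(), so a declared length larger than the destination or larger than the received data is refused without touching the output buffer.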

  Information Exposure Rating:

Apply associated Trend Micro DPI Rules.

  Solutions

  Trend Micro Deep Security DPI Rule Number: 1002523
  Trend Micro Deep Security DPI Rule Name: 1002523 - CA BrightStor ARCserve Backup PortMapper Decoding

  Affected software and version:

  • BrightStor ARCserve Backup 11.x
  • BrightStor ARCserve Backup 11.x (for Windows)
  • CA Server Protection Suite r2