CVE-2008-2241

Name of the Vulnerable Software and Affected Versions: CA BrightStor ARCServe Backup versions 11.0 through 11.5

Description: The issue allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. This can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.

Recommendations: For CA BrightStor ARCServe Backup versions 11.0 through 11.5, consider restricting access to the caloggerd component until a patch is available. As a temporary workaround, avoid using the vulnerable input fields in log messages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.