PT-2007-6111 · Ca · Ca Brightstor Arcserve Backup For Laptops/Desktops

Published 2007-10-01 · Updated 2021-04-08 · CVE-2007-5005

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: CA BrightStor ARCserve Backup for Laptops and Desktops versions r11.0 through r11.5

Description: The issue allows remote attackers to upload and overwrite arbitrary files. This is achieved by using a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command.

Recommendations: For versions r11.0 through r11.5, consider restricting access to the rxrReceiveFileFromServer command until a fix is available, and avoid using the ..\ sequence in the destination filename argument to prevent arbitrary file overwrites. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2007-5005

Affected Products

Ca Brightstor Arcserve Backup For Laptops/Desktops