PT-2008-3738 · Ca · Ca Brightstor Arcserve Backup
Damian Put · Published 2008-05-21 · Updated 2021-04-07 · CVE-2008-2242
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
CA BrightStor ARCServe Backup versions 11.0 through 11.5
Description:
The issue is related to multiple buffer overflows in xdr functions within the server. This can be exploited by remote attackers to execute arbitrary code. A specific example of exploitation is through a stack-based buffer overflow by providing a long parameter to the xdr rwsstring function.
Recommendations:
For CA BrightStor ARCServe Backup versions 11.0 through 11.5, consider disabling the xdr rwsstring function as a temporary workaround until a patch is available. Restrict access to the xdr functions in the server to minimize the risk of exploitation.
Fix
Buffer Overflow
Affected Products
Ca Brightstor Arcserve Backup