Lucene search

[email protected]CVE-2008-5415

HistoryDec 11, 2008 - 3:30 p.m.

CVE-2008-5415

2008-12-1115:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2008-5415

ldbserver

remote attackers

execute arbitrary code

rpc endpoint

handle_t argument

incompatible procedure

nvd

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.24 Low

EPSS

Percentile

96.6%

JSON

The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure.

CPENameOperatorVersion
broadcom:arcserve_backupbroadcom arcserve backupeqr12.0
ca:arcserve_backupca arcserve backupeqr11.1
ca:arcserve_backupca arcserve backupeqr11.5

CPE	Name	Operator	Version
broadcom:arcserve_backup	broadcom arcserve backup	eq	r12.0
ca:arcserve_backup	ca arcserve backup	eq	r11.1
ca:arcserve_backup	ca arcserve backup	eq	r11.5

References

community.ca.com/blogs/casecurityresponseblog/archive/2008/12/10.aspx

osvdb.org/50683

secunia.com/advisories/27299

secunia.com/secunia_research/2007-82/

securityreason.com/securityalert/4708

www.securityfocus.com/archive/1/499104/100/0/threaded

www.securityfocus.com/archive/1/499128/100/0/threaded

www.securityfocus.com/bid/32764

www.vupen.com/english/advisories/2008/3404

support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=194293

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.24 Low

EPSS

Percentile

96.6%

JSON

Related for CVE-2008-5415

nessus1 securityvulns3 prion1