Lucene search
RootSSV:3309HistoryMay 21, 2008 - 12:00 a.m.
CA ARCserve Backup caloggerd和xdr函数目录遍历及栈溢出漏洞
2008-05-2100:00:00
Root
www.seebug.org
19
0.927 High
EPSS
Percentile
98.8%
BUGTRAQ ID: 29283
CVE(CAN) ID: CVE-2008-2241,CVE-2008-2242
BrightStor ARCserve Backup可为各种平台的服务器提供备份和恢复保护功能。
ARCserve Backup的caloggerd日志守护程序在处理日志消息时对提供的路径缺少检查,如果攻击者向文件附加了恶意数据的话,就可能导致在生成日志时导致目录遍历攻击。
如果向ARCserve Backup的xdr_rwsstring()库函数传送了超长参数的话,就可能触发栈溢出,导致执行任意指令。
Computer Associates Server Protection r2
Computer Associates Business Protection r2
Computer Associates Business Protection for Microsoft SBS Std Ed r2
Computer Associates Business Protection for Microsoft SBS Pre ed r2
Computer Associates ARCserve Backup r11.5
Computer Associates ARCserve Backup r11.1
Computer Associates ARCserve Backup r11.0
Computer Associates
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798” target=“_blank”>https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798</a>
Related
nessus
nessus
CA BrightStor ARCserve Backup Multiple Vulnerabilities (QO92996)
2008-05-22 00:00:00
securityvulns
securityvulns
CA ARCserve Backup caloggerd and xdr Functions Vulnerabilities
2008-05-20 00:00:00
CA BrightStor ARCserve Backup multiple security vulnerabilities
2008-05-20 00:00:00
zdi
zdi
CA BrightStor ARCserve Backup caloggerd Arbitrary File Writing Vulnerability
2008-05-19 00:00:00
CA BrightStor ARCserve Backup XDR Parsing Buffer Overflow Vulnerability
2008-05-19 00:00:00
cve
cve
CVE-2008-2241
2008-05-21 13:24:00
CVE-2008-2242
2008-05-21 13:24:00
prion
prion
Directory traversal
2008-05-21 13:24:00
Stack overflow
2008-05-21 13:24:00
saint
saint
CA ARCserve Backup xdr_rwsstring buffer overflow
2008-05-27 00:00:00
CA ARCserve Backup caloggerd opcode 79 buffer overflow
2008-05-30 00:00:00
CA ARCserve Backup xdr_rwsstring buffer overflow
2008-05-27 00:00:00
checkpoint_advisories
checkpoint_advisories