CA ARCserve Backup for Laptops and Desktops整数溢出漏洞

2008-08-03T00:00:00
ID SSV:3756
Type seebug
Reporter Root
Modified 2008-08-03T00:00:00

Description

BUGTRAQ ID: 30472 CVE(CAN) ID: CVE-2008-3175

CA的ARCserve Backup可为各种平台的服务器提供备份和恢复保护功能。

CA ARCserve Backup for Laptops and Desktops的LGServer服务在处理入站消息时存在整数溢出漏洞,如果未经认证的远程攻击者向TCP 1900端口上的LGServer服务提交了恶意请求的话,就会触发这个溢出,导致拒绝服务或执行任意指令。

Computer Associates Protection Suites 3.1 Computer Associates Protection Suites 3 Computer Associates Protection Suites 2 Computer Associates ARCserve Backup (L&D) r11.5 Computer Associates ARCserve Backup (L&D) r11.1 SP2 Computer Associates ARCserve Backup (L&D) r11.1 SP1 Computer Associates ARCserve Backup (L&D) r11.1 Computer Associates ARCserve Backup (L&D) r11.0 Computer Associates Desktop Management Suite 11.2 Computer Associates Desktop Management Suite 11.1 Computer Associates


目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=QI85497&os=WINDOWS&actionID=3 target=_blank>https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=QI85497&os=WINDOWS&actionID=3</a> <a href=https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO00912&os=WINDOWS&actionID=3 target=_blank>https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO00912&os=WINDOWS&actionID=3</a> <a href=https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO00912&os=WINDOWS&actionID=3#solndownloads target=_blank>https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO00912&os=WINDOWS&actionID=3#solndownloads</a> <a href=https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01150&os=WINDOWS&actionID=3 target=_blank>https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01150&os=WINDOWS&actionID=3</a>