CA BrightStor ARCserve Backup caloggerd Arbitrary File Writing Vulnerability

ID ZDI-08-027
Type zdi
Reporter Damian Put
Modified 2008-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates ARCserve Backup. Authentication is not required exploit this vulnerability.

The specific flaw exists within the caloggerd log daemon during the processing of log messages that contain directory traversal modifiers. A lack of sanity checking on the provided path allows attackers to append arbitrary data to a file of their choosing and can easily result in a full system compromise.