CVSS: 7.5EPSS: 91%CPEs: 3EXPL: 0CVE-2008-2242 – CA BrightStor ARCserve Backup XDR Parsing Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-2242
Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function. Múltiples desbordamientos de buffer de las funciones xdr en el servidor de CA BrightStor ARCServe Backup 11.0, 11.1 y 11.5, permiten a atacantes remotos ejecutar código arbitrariamente, tal y como se ha demostrado mediante un desbordamiento de búfer basado en pila a través de un parámetro largo de la función xdr_rwsstring. This vulnerability allws attackers to execute arbitrary code on vulnerable installations of CA BrightStor ARCserve Backup for Linux. User interaction is not required to exploit this vulnerability. The specific flaw exists due to improper bounds checking in the xdr_rwsstring() library function. By sending a long parameter into a daemon using this function to process strings, a stack based buffer overflow occurs, leading to execution of arbitrary code. • http://secunia.com/advisories/30300 http://www.securityfocus.com/archive/1/492274/100/0/threaded http://www.securityfocus.com/archive/1/492291/100/0/threaded http://www.securityfocus.com/bid/29283 http://www.securitytracker.com/id?1020044 http://www.vupen.com/english/advisories/2008/1573/references http://www.zerodayinitiative.com/advisories/ZDI-08-026 https://exchange.xforce.ibmcloud.com/vulnerabilities/42527 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 33%CPEs: 7EXPL: 0CVE-2008-2241 – CA BrightStor ARCserve Backup caloggerd Arbitrary File Writing Vulnerability
https://notcve.org/view.php?id=CVE-2008-2241
Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file. Vulnerabilidad de salto de directorio en caloggerd de BrightStor ARCServe Backup 11.0, 11.1 y 11.5, permite a atacantes remotos añadir datos a archivos arbitrariamente a través de secuencias de salto de directorio en archivos de entrada no especificados, que son utilizados en mensajes de log. NOTA: puede aprovecharse para ejecución de código en muchos entornos de instalación escribiendo en un fichero archivo de inicio o en un archivo de configuración. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates ARCserve Backup. • http://secunia.com/advisories/30300 http://www.securityfocus.com/archive/1/492266/100/0/threaded http://www.securityfocus.com/archive/1/492274/100/0/threaded http://www.securityfocus.com/bid/29283 http://www.securitytracker.com/id?1020043 http://www.vupen.com/english/advisories/2008/1573/references http://www.zerodayinitiative.com/advisories/ZDI-08-027 https://exchange.xforce.ibmcloud.com/vulnerabilities/42524 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 54%CPEs: 1EXPL: 2CVE-2008-1979 – Computer Associates ARCserve Backup Discovery Service Remote - Denial of Service
https://notcve.org/view.php?id=CVE-2008-1979
The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read. El Discovery Service (casdscvc) en CA ARCserve Backup versión 12.0.5454.0 y anteriores, permite a atacantes remotos causar una denegación de servicio (bloqueo de aplicación) por medio de un paquete con un valor entero largo usado en un incremento al puerto TCP 41523, lo que desencadena una lectura excesiva del búfer. • https://www.exploit-db.com/exploits/31707 http://aluigi.altervista.org/adv/carcbackazz-adv.txt http://secunia.com/advisories/29855 http://www.securityfocus.com/archive/1/493430/100/0/threaded http://www.securityfocus.com/bid/28927 http://www.securitytracker.com/id?1020324 http://www.vupen.com/english/advisories/2008/1354 https://exchange.xforce.ibmcloud.com/vulnerabilities/41869 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 89%CPEs: 8EXPL: 0CVE-2008-1328
https://notcve.org/view.php?id=CVE-2008-1328
Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments." Desbordamiento de Búfer del Servicio LGServer de CA ARCserve Backup for Laptops and Desktops versiones de la r11.0 a la r11.5 y Suite 11.1 and 11.2, permite a atacantes remotos ejecutar código de su elección a través de argumentos de comando no especificados. • http://securityreason.com/securityalert/3800 http://www.securityfocus.com/archive/1/490463/100/0/threaded http://www.securityfocus.com/bid/28616 http://www.securitytracker.com/id?1019788 http://www.vupen.com/english/advisories/2008/1104/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41641 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-2008-1329
https://notcve.org/view.php?id=CVE-2008-1329
Unspecified vulnerability in the NetBackup service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary commands, related to "insufficient verification of file uploads." Vulnerabilidad no especificada del servicio NetBackup de CA ARCserve Backup for Laptops and Desktops versiones de la r11.0 a la r11.5 y Suite 11.1 and 11.2, permite a atacantes remotos ejecutar comandos de su elección, relacionado con “subidas de archivos sin suficiente verificacion” • http://securityreason.com/securityalert/3800 http://www.securityfocus.com/archive/1/490463/100/0/threaded http://www.securityfocus.com/bid/28616 http://www.securitytracker.com/id?1019788 http://www.vupen.com/english/advisories/2008/1104/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41642 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105 •