CVE-2008-1979
Computer Associates ARCserve Backup Discovery Service Remote - Denial of Service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read.
El Discovery Service (casdscvc) en CA ARCserve Backup versión 12.0.5454.0 y anteriores, permite a atacantes remotos causar una denegación de servicio (bloqueo de aplicación) por medio de un paquete con un valor entero largo usado en un incremento al puerto TCP 41523, lo que desencadena una lectura excesiva del búfer.
CA ARCserve Backup contains a vulnerability in the Discovery service (casdscsvc) that can allow a remote attacker to cause a denial of service condition. CA has issued patches to address the vulnerability. The vulnerability occurs due to insufficient verification of client data. An attacker can make a request that can crash the service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-04-27 CVE Reserved
- 2008-04-27 CVE Published
- 2014-02-18 First Exploit
- 2024-08-07 CVE Updated
- 2025-06-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-189: Numeric Errors
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/493430/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/28927 | Vdb Entry | |
| http://www.securitytracker.com/id?1020324 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41869 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/31707 | 2014-02-18 | |
| http://aluigi.altervista.org/adv/carcbackazz-adv.txt | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/29855 | 2021-04-07 | |
| http://www.vupen.com/english/advisories/2008/1354 | 2021-04-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Broadcom Search vendor "Broadcom" | Brightstor Arcserve Backup Search vendor "Broadcom" for product "Brightstor Arcserve Backup" | <= 12.0.5454.0 Search vendor "Broadcom" for product "Brightstor Arcserve Backup" and version " <= 12.0.5454.0" | - |
Affected
| ||||||