CVE-2008-1979
Computer Associates ARCserve Backup Discovery Service Remote - Denial of Service
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read.
El Discovery Service (casdscvc) en CA ARCserve Backup versión 12.0.5454.0 y anteriores, permite a atacantes remotos causar una denegación de servicio (bloqueo de aplicación) por medio de un paquete con un valor entero largo usado en un incremento al puerto TCP 41523, lo que desencadena una lectura excesiva del búfer.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-04-24 First Exploit
- 2008-04-27 CVE Reserved
- 2008-04-27 CVE Published
- 2023-11-06 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-189: Numeric Errors
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/archive/1/493430/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/28927 | Vdb Entry | |
http://www.securitytracker.com/id?1020324 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41869 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/31707 | 2008-04-24 | |
http://aluigi.altervista.org/adv/carcbackazz-adv.txt | 2024-08-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/29855 | 2021-04-07 | |
http://www.vupen.com/english/advisories/2008/1354 | 2021-04-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Broadcom Search vendor "Broadcom" | Brightstor Arcserve Backup Search vendor "Broadcom" for product "Brightstor Arcserve Backup" | <= 12.0.5454.0 Search vendor "Broadcom" for product "Brightstor Arcserve Backup" and version " <= 12.0.5454.0" | - |
Affected
|