Update Protection against CA ARCserve Backup for Laptops and Desktops NetBackup Arbitrary File Upload Vulnerability
| Check Point Reference: | CPAI-2008-132 |
| Date Published: | |
| Severity: | |
| Last Updated: | |
| Source: | Secunia Advisory: SA25606 |
| Industry Reference(s): | CVE-2008-1329 |
| Protection Provided by: | IPS-1 |

Who is Vulnerable?
CA ARCserve Backup for Laptops and Desktops r11.0
CA ARCserve Backup for Laptops and Desktops r11.1
CA ARCserve Backup for Laptops and Desktops r11.5
CA Desktop Management Suite 11.1
CA Desktop Management Suite 11.2

Vulnerability Description
A security bypass vulnerability has been reported in CA ARCserve Backup for Laptops and Desktops. Computer Associates (CA) BrightStor ARCserve Backup for Laptops and Desktops provides backup and data recovery for remote, mobile and desktop computers. A remote attacker may exploit this vulnerability to execute arbitrary code on a vulnerable system.

Update/Patch Available
Apply updates: CA

Vulnerability Details
The vulnerability is due to an error in the NetBackup service, which fails to sanitize malicious content in client requests. An attacker can exploit this issue by sending a specially crafted request to the target service. Successful exploitation of this vulnerability can allow the attacker to upload arbitrary files to a controllable location on the server, enabling execution of arbitrary code.

Protection Overview
By enabling this protection, IPS-1 will detect and block malformed requests sent to the server.
In order for the protection to be activated, update your product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.