| Check Point Reference: |
CPAI-2008-212 |
| Date Published: |
3 Jun 2008 |
| Severity: |
Critical
|
| Last Updated: |
Tuesday 01 January, 2008 |
| Source: |
SECTRACK:1019788
SREASON:3800 |
| Industry Reference: | CVE-2008-1328 |
| Protection Provided by: |
|
| Who is Vulnerable? | CA BrightStor ARCserve Backup for Laptops and Desktops 11.0
CA BrightStor ARCserve Backup for Laptops and Desktops 11.1
CA BrightStor ARCserve Backup for Laptops and Desktops 11.1 SP1 and SP2
CA BrightStor ARCserve Backup Laptops Desktops 11.5
CA Desktop Management Suite 11.1
CA Desktop Management Suite 11.2 English
CA Desktop Management Suite 11.2 Localized |
| Vulnerability Description |
A buffer overflow vulnerability has been detected in several versions of CA ARCserve Backup for Laptops and Desktops Server and CA Management Suite. This vulnerability could allow a remote attacker to cause a Denial of Service or execute arbitrary code in an uprotected system. |
| Update/Patch Avaliable | CA ARCserve Backup for Laptops and Desktops 11.0 users should upgrade to version 11.1 applying patch QI85497
CA ARCserve Backup for Laptops and Desktops 11.1, 11.1 SP1 and 11.2 SP2 users should apply fix QO95512
The vendor has provided fix QO95513 for the following products:
CA ARCserve Backup for Laptops and Desktops 11.5
CA Desktop Management Suite 11.2 English
CA Desktop Management Suite 11.2 Localized
CA Desktop Management Suite 11.1 users should upgrade to 11.1 C1
|
| Vulnerability Details | CA ARCserve Backup for Laptops and Desktops versions 11.0 through 11.5 and CA Desktop Management Suite versions 11.1 and 11.2 are vulnerable to a stack-based buffer overflow. This vulnerability is due to improper bounds checking on command arguments by the LGServer service. By sending an unspecified command argument, a remote attacker could execute arbitrary code on the system with system privileges or cause a Denial of Service. |
Feedback