Secunia Research has discovered a vulnerability in BrightStor ARCserve Backup, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to insufficient validation of "handle_t" arguments passed to RPC endpoints. Passing object pointers to procedures that expect different types can result in arbitrary code execution. CA ARCserve Backup 11.5 SP4 build 4491 is affected.
e2a11f405220b9f29248d5ad13bb5f7b5c4b3427fdd20d80cf7519bac87cd5c3
CA ARCserve Backup contains a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient verification of client data. A remote attacker can crash the LDBserver service or execute arbitrary code in the context of the service. Note: The client installation is not affected.
c3f42a1781959a4e232299fd40445813782d401f6a4ad863bcdc64c3aefdb67a