CVE-2008-5415

Related Files

CA ARCserve Backup RPC "handle_t" Argument Vulnerability

Posted Dec 12, 2008

Authored by Dyon Balding | Site secunia.com

Secunia Research has discovered a vulnerability in BrightStor ARCserve Backup, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to insufficient validation of "handle_t" arguments passed to RPC endpoints. Passing object pointers to procedures that expect different types can result in arbitrary code execution. CA ARCserve Backup 11.5 SP4 build 4491 is affected.

tags | advisory, arbitrary, code execution

advisories | CVE-2008-5415

SHA-256 | e2a11f405220b9f29248d5ad13bb5f7b5c4b3427fdd20d80cf7519bac87cd5c3

Download | Favorite | View

CA ARCserve Backup LDBserver Vulnerability

Posted Dec 10, 2008

Authored by Ken Williams | Site www3.ca.com

CA ARCserve Backup contains a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient verification of client data. A remote attacker can crash the LDBserver service or execute arbitrary code in the context of the service. Note: The client installation is not affected.

tags | advisory, remote, denial of service, arbitrary

advisories | CVE-2008-5415

SHA-256 | c3f42a1781959a4e232299fd40445813782d401f6a4ad863bcdc64c3aefdb67a

Download | Favorite | View