Name: CA.BrightStor.ARCserve.Backup.XDR.Parsing.Buffer.O
Released Date: May 30 2008
Severity: critical
CVE: 2008-2242

In-Depth Analysis
Description
This indicates an attempt to exploit a buffer-overflow vulnerability in BrightStor ARCServe Backup running under Linux. The vulnerability is caused by a username parameter length-check error in libas6script.so. It allows a remote attacker to execute arbitrary code on the victim's system by sending an excessively long username parameter.

Impact
System compromise: remote code execution.

Affected Products
CA BrightStor ARCServe Backup 11.0
CA BrightStor ARCServe Backup 11.1
CA BrightStor ARCServe Backup 11.5

References
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2242
http://www.zerodayinitiative.com/advisories/ZDI-08-026/

Recommended Actions
Apply the latest update from the vendor, which can be found at the following website: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798