Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service, execute arbitrary code, or take privileged action. The first set of vulnerabilities occur due to insufficient bounds checking by multiple components. The second vulnerability occurs due to privileged functions being available for use without proper authorization. The third set of vulnerabilities are due to a memory corruption occurring with the processing of RPC procedure arguments by multiple services. The vulnerabilities allow an attacker to cause a denial of service, or potentially to execute arbitrary code.
8860eaa4bfc2250849f113f1ca5d8c680bf62c6a8fde2785a35e35b2338b7feaMultiple vulnerabilities exist in the CsAgent service that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. The first set of vulnerabilities, CVE-2007-5082, occur due to insufficient bounds checking in multiple CsAgent service commands. The second set of vulnerabilities, CVE-2007-5083, occur due to insufficient validation of integer values in multiple CsAgent service commands, which can lead to buffer overflow. The third set of vulnerabilities, CVE-2007-5084, occur due to insufficient validation of strings used in SQL statements in multiple CsAgent service commands.
363a6e7d492038cdb02283292599822fec694fd384becbbaf92e0cbd416cee51CA ARCserve Backup for Laptops and Desktops contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service condition or execute arbitrary code.
5454620d885de990b879969d7c8d672b34a987080f8b5bfd71c41320e3bc6593Multiple CA products that utilize CA Message Queuing (CAM / CAFT) software contain a buffer overflow vulnerability. The vulnerability is a buffer overflow that can allow a remote attacker to execute arbitrary code by sending a specially crafted message to TCP port 3104.
46fe72c71f2b06a14afa104372ad4b44357e43e92eabdb5b2e93b341ebb45541CA products that utilize the Arclib library contain two denial of service vulnerabilities. The first vulnerability is due to an application hang when processing a specially malformed CHM file. The second vulnerability is due to an application hang when processing a specially malformed RAR file.
01a0d7692b70c516c3cfb44baa9d756e9080e6e2262ee925e1c28f0efba48ff3eTrust Intrusion Detection contains a vulnerability associated with the caller.dll ActiveX control. The vulnerability is due to the caller.dll ActiveX control being marked safe for scripting. An attacker, who can lure a user into visiting a malicious website, can potentially gain complete control of an affected installation.
bf7652ef856974e523274a458f8762421906e746b5daddbe7db3072d50c9cec1Multiple CA products that utilize Alert service functionality contain multiple vulnerabilities. The vulnerabilities are due to insufficient bounds checking on received data by certain RPC procedures. An attacker can exploit these buffer overflows to execute arbitrary code or cause service failure.
dff03d4b04f6fb38db9efcc99d514db64917edf808004035f18a70b3cba857e0Various CA products that embed Ingres products contain multiple vulnerabilities that can allow an attacker to potentially execute arbitrary code.
b9420a8daa8448c325330f47f53519fd6d8bf578d33c969e755fb2c28d048bb8CA Anti-Virus engine contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code.
7a18d60f22a825bfaf66d090825d58ae0eae1abbf39a0c649afdfefc4b5795cfCA is aware that two functional exploit code samples were publicized on May 16, 2007. These two denial of service exploits are associated with vulnerabilities in CA BrightStor ARCserve Backup Mediasvr.exe and caloggerd.exe.
217dacb3ef74fd30d24c653312053d6e3b3cc12fdb8552dd63f62208d5371a8bCA Anti-Virus for the Enterprise, CA Threat Manager, and CA Anti-Spyware contain multiple vulnerabilities that can allow an attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.
8f199a847ae100657c96161091769e0883d36aa803d130e150619b62423ebc0cCA CleverPath Portal contains a vulnerability that can allow a local attacker to access confidential data. The vulnerability is due to insufficient filtering of SQL search queries. CA has issued a patch to address the vulnerability.
ea5c74d47d854c08f37384a948d4e8b4340a0d0bb6f3ef77f923334836a16891CA BrightStor ARCserve Backup Media Server contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.
50cf00ebba6e500a55c1f41bdda6ade451e15f3fa8050b06f214c5c44a6563acCA BrightStor ARCserve Backup contains four vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.
26afa70359ee71d1cdb1f3ba90e2bd4290ccf6d14fd317067b25d049a10fc66fThe CA eTrust Admin GINA component contains a privilege escalation vulnerability within the reset password interface. This vulnerability is exploitable only through physical interactive access or through Remote Desktop. Affected products include eTrust Admin 8.1 SP2 (8.1.2), eTrust Admin 8.1 SP1 (8.1.1), and eTrust Admin 8.1 (8.1.0).
3962113ae17c146b5640bd4ec12da7a3f96a4ed5be77c2f201e85de1071f6d9eCA eTrust Intrusion Detection contains a vulnerability that can allow a remote attacker to cause a denial of service condition. Affected Products include eTrust Intrusion Detection 3.0 SP1, eTrust Intrusion Detection 3.0, and eTrust Intrusion Detection 2.0 SP1.
c4aff44d742dff175c969692af2d23c9c6f951c0f4edf0ab1e710a1fed11ce69Multiple vulnerabilities have been discovered in CA Personal Firewall drivers. The vulnerabilities are due to errors in the HIPS Core (KmxStart.sys) and HIPS Firewall (KmxFw.sys) drivers. Local attackers can exploit these vulnerabilities to gain escalated privileges.
02589667c3f2bd1a0335ba0b442c8b18de4508cda0b0bb4a915da330839058a7CA BrightStor ARCserve Backup for Laptops and Desktops contains multiple overflow conditions that can allow a remote attacker to cause a denial of service, or execute arbitrary code with local SYSTEM privileges on Windows.
6e6e8672248a7e1c4d803e9bf66b4054b05795508a899203c5e4ade01aafd269CA BrightStor ARCserve Backup contains multiple overflow conditions that can allow a remote attacker to execute arbitrary code with local SYSTEM privileges on Windows. The BrightStor ARCserve Backup Tape Engine service, Mediasvr service, and ASCORE.dll file are affected.
277d1dc497086cde18530d9b1513f826b6a78561bd1e1048a84224d877383608CAID 34876 - CA CleverPath Portal and other CA solutions that embed Portal technology contain a session verification vulnerability.
0f54412beb75b544d797f6a6475238fc984c6235fe7678318bc1b6e2c236672cMultiple instances of improper handling of NULL buffers in CA Anti-Virus allow local attackers to cause a denial of service condition. This issue affects only consumer CA Anti-Virus products.
11819a7013b6e40a1cc760c94258674027e522f92b3b43914752ec599d4cbb9fCAID 34846 - CA BrightStor ARCserve Backup contains a buffer overflow that allows remote attackers to execute arbitrary code with local SYSTEM privileges on Windows. This issue affects the BrightStor Backup Discovery Service in multiple BrightStor ARCserve Backup application agents and the Base product.
14f77fd442c8352fa5dc275da7b933076426d1d4e5c398ae09e7d8bf4a539e90CAID 34693, 34694 - CA BrightStor ARCserve Backup contains multiple buffer overflow conditions that allow remote attackers to execute arbitrary code with local SYSTEM privileges on Windows. These issues affect the BrightStor Backup Agent Service, the Job Engine Service, and the Discovery Service in multiple BrightStor ARCserve Backup application agents and the Base product.
aab9553c2355bbb2473b67f29de0eca777c8f03660b498ab0279bf3ed1729b5b[CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities (UPDATED): Summary: CA BrightStor ARCserve Backup contains multiple buffer overflow conditions that allow remote attackers to execute arbitrary code with local SYSTEM privileges on Windows. These issues affect the BrightStor Backup Agent Service, the Job Engine Service, and the Discovery Service in multiple BrightStor ARCserve Backup application agents and the Base product.
aab9553c2355bbb2473b67f29de0eca777c8f03660b498ab0279bf3ed1729b5bCAID 34661: CA Unicenter WSDM File System Read Access Vulnerability: Unicenter Web Services Distributed Management 3.1 uses a known vulnerable version of Jetty WebServer, an open source java web server. An advisory describing the Jetty WebServer vulnerability can be found at http://www.securityfocus.com/bid/11330. The vulnerability allows a remote attacker to gain full read access on the install partitions file system of the Unicenter WSDM host system through a directory traversal attack
59d313f06c61c6c3e14d15a2c66be546acd4d72d6e7daa4d3b078b9969a8198d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed