Orange Applications for Business
version française
Vigil@nce Vigil@nce Vigil@nce
analyzing computer vulnerabilities since 1999
  home presentation vulnerabilities documentation contact  
subscriber area subscriber area
subscriber area free trial
subscriber area
The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed

vulnerability CVE-2012-2971 CVE-2012-2972

CA ARCserve Backup: two vulnerabilities

Synthesis of the vulnerability

An attacker can use two vulnerabilities of CA ARCserve Backup, in order to execute code or to create a denial of service.
Impacted products: ARCserve Backup.
Severity: 3/4.
Creation date: 19/10/2012.
Identifiers: BID-56116, CA20121018-01, CERTA-2012-AVI-591, CVE-2012-2971, CVE-2012-2972, VIGILANCE-VUL-12085, VU#408099, VU#936363.

Description of the vulnerability

Two vulnerabilities were announced in CA ARCserve Backup.

An attacker can send a malicious RPC query to the server, to generate a buffer overflow, leading to code execution. [severity:3/4; CVE-2012-2971, VU#936363]

An attacker can send several malicious RPC queries to the server/agent, to stop it. [severity:2/4; CVE-2012-2972, VU#408099]

An attacker can therefore use two vulnerabilities of CA ARCserve Backup, in order to execute code or to create a denial of service.
Complete Vigil@nce bulletin.... (free trial)

Share this bulletin

Delicious Digg Facebook Google bookmarks LinkedIn Mail Reddit StumbleUpon Technorati Twitter 

Computer vulnerabilities tracking service

Vigil@nce provides a system vulnerability note. The Vigil@nce vulnerability database contains several thousand vulnerabilities. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.

Copyright 1999-2015 Vigil@nce. Vigil@nce is a service from Orange Applications for Business. Site map. Legal notice.