we track for your security since 1999

vulnerabilities

The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.

recent vulnerabilities

tracked products

RSS feed

vulnerability

vulnerability CVE-2012-2971 CVE-2012-2972

CA ARCserve Backup: two vulnerabilities

Synthesis of the vulnerability

An attacker can use two vulnerabilities of CA ARCserve Backup, in order to execute code or to create a denial of service.
Impacted products: ARCserve Backup.
Severity: 3/4.
Creation date: 19/10/2012.
Identifiers: BID-56116, CA20121018-01, CERTA-2012-AVI-591, CVE-2012-2971, CVE-2012-2972, VIGILANCE-VUL-12085, VU#408099, VU#936363.

Description of the vulnerability

Two vulnerabilities were announced in CA ARCserve Backup.

An attacker can send a malicious RPC query to the server, to generate a buffer overflow, leading to code execution. [severity:3/4; CVE-2012-2971, VU#936363]

An attacker can send several malicious RPC queries to the server/agent, to stop it. [severity:2/4; CVE-2012-2972, VU#408099]

An attacker can therefore use two vulnerabilities of CA ARCserve Backup, in order to execute code or to create a denial of service.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

Computer vulnerabilities tracking service

Vigil@nce provides a system vulnerability note. The Vigil@nce vulnerability database contains several thousand vulnerabilities. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.