vulnerability CVE-2012-2971 CVE-2012-2972
CA ARCserve Backup: two vulnerabilities
Synthesis of the vulnerability
An attacker can use two vulnerabilities of CA ARCserve Backup, in order to execute code or to create a denial of service.Impacted products:
BID-56116, CA20121018-01, CERTA-2012-AVI-591, CVE-2012-2971, CVE-2012-2972, VIGILANCE-VUL-12085, VU#408099, VU#936363.
Description of the vulnerability
Two vulnerabilities were announced in CA ARCserve Backup.
An attacker can send a malicious RPC query to the server, to generate a buffer overflow, leading to code execution. [severity:3/4; CVE-2012-2971, VU#936363]
An attacker can send several malicious RPC queries to the server/agent, to stop it. [severity:2/4; CVE-2012-2972, VU#408099]
An attacker can therefore use two vulnerabilities of CA ARCserve Backup, in order to execute code or to create a denial of service.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides a system vulnerability note
. The Vigil@nce vulnerability database contains several thousand vulnerabilities. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.