The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Computer Associates Brightstor ARCserve Backup

computer vulnerability CVE-2012-2971 CVE-2012-2972

CA ARCserve Backup: two vulnerabilities

Synthesis of the vulnerability

An attacker can exploit two vulnerabilities in CA ARCserve Backup to execute code or cause a denial of service.
Impacted products: ARCserve Backup.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 19/10/2012.
Identifiers: BID-56116, CA20121018-01, CERTA-2012-AVI-591, CVE-2012-2971, CVE-2012-2972, VIGILANCE-VUL-12085, VU#408099, VU#936363.

Description of the vulnerability

Two vulnerabilities were announced in CA ARCserve Backup.

An attacker can send a malicious RPC query to the server to trigger a buffer overflow, leading to code execution. [severity:3/4; CVE-2012-2971, VU#936363]

An attacker can send several malicious RPC queries to the server/agent in order to stop it. [severity:2/4; CVE-2012-2972, VU#408099]

An attacker can therefore exploit two vulnerabilities in CA ARCserve Backup to execute code or cause a denial of service.

vulnerability alert CVE-2012-0691 CVE-2012-0692

CA ARCserve Backup, Workload Automation: two vulnerabilities of CA License

Synthesis of the vulnerability

A local attacker can exploit two vulnerabilities in CA License to elevate their privileges or create a file, via CA ARCserve Backup or CA Workload Automation.
Impacted products: ARCserve Backup, CA Workload Automation.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data creation/edition.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 02/10/2012.
Identifiers: BID-55737, CA20121001-01, CERTA-2012-AVI-543, CVE-2012-0691, CVE-2012-0692, VIGILANCE-VUL-11991.

Description of the vulnerability

The CA ARCserve Backup and CA Workload Automation products include the CA License component, which is affected by two vulnerabilities.

A local attacker can execute commands with system privileges. [severity:2/4; CVE-2012-0691]

A local attacker can create or alter files with elevated privileges. [severity:2/4; CVE-2012-0692]

A local attacker can therefore exploit two vulnerabilities in CA License to elevate their privileges or create a file, via CA ARCserve Backup or CA Workload Automation.

vulnerability bulletin CVE-2012-1662

CA ARCserve Backup: denial of service

Synthesis of the vulnerability

A network attacker can send malformed queries in order to stop CA ARCserve Backup services.
Impacted products: ARCserve Backup.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 21/03/2012.
Identifiers: BID-52655, CA20120320-01, CERTA-2012-AVI-168, CVE-2012-1662, VIGILANCE-VUL-11463.

Description of the vulnerability

The CA ARCserve Backup for Windows product installs services listening on ports.

A network attacker can send malformed queries in order to stop CA ARCserve Backup services.

computer vulnerability alert 10066

CA ARCserve Backup: buffer overflow

Synthesis of the vulnerability

An attacker can send a malicious RPC query to trigger a buffer overflow in CA ARCserve Backup, leading to code execution.
Impacted products: ARCserve Backup.
Severity: 3/4.
Consequences: user access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/10/2010.
Identifiers: BID-62582, VIGILANCE-VUL-10066.

Description of the vulnerability

Two vulnerabilities were announced in CA ARCserve Backup.

An attacker can send an RPC query to ARCserve Message Engine (port 6504) to trigger a buffer overflow. [severity:3/4]

An attacker can send an RPC query to ARCserve Message Tape (port 6502) to trigger a buffer overflow. [severity:3/4; BID-62582]

An attacker can therefore send a malicious RPC query to trigger a buffer overflow in CA ARCserve Backup, leading to code execution.

vulnerability bulletin CVE-2010-2157

CA ARCserve Backup: information disclosure

Synthesis of the vulnerability

A local attacker can exploit a vulnerability in CA ARCserve Backup to obtain information.
Impacted products: ARCserve Backup.
Severity: 1/4.
Consequences: data reading.
Provenance: user account.
Creation date: 04/06/2010.
Identifiers: BID-40566, CA20100603-01, CERTA-2010-AVI-240, CVE-2010-2157, VIGILANCE-VUL-9683.

Description of the vulnerability

The CA ARCserve Backup product manages backups.

A local attacker can exploit a vulnerability in CA ARCserve Backup to obtain information.

This vulnerability could, for example, be used to access backups.