|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
CA ARCserve Backup: two vulnerabilities
Synthesis of the vulnerability
An attacker can use two vulnerabilities of CA ARCserve Backup, in order to execute code or to create a denial of service.
Impacted products: ARCserve Backup.
Creation date: 19/10/2012.
Identifiers: BID-56116, CA20121018-01, CERTA-2012-AVI-591, CVE-2012-2971, CVE-2012-2972, VIGILANCE-VUL-12085, VU#408099, VU#936363.
Description of the vulnerability
Two vulnerabilities were announced in CA ARCserve Backup.
An attacker can send a malicious RPC query to the server, to generate a buffer overflow, leading to code execution. [severity:3/4; CVE-2012-2971, VU#936363]
An attacker can send several malicious RPC queries to the server/agent, to stop it. [severity:2/4; CVE-2012-2972, VU#408099]
An attacker can therefore use two vulnerabilities of CA ARCserve Backup, in order to execute code or to create a denial of service.
Complete Vigil@nce bulletin.... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides a system vulnerability note. The Vigil@nce vulnerability database contains several thousand vulnerabilities. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.