CA ARCserve Backup Discovery Service Denial of Service - Security


Editor Login \| Register		Ekle

> World > Security

CA ARCserve Backup Discovery Service Denial of Service - Security - World -

CWRedLight

(Date : 24.04.2008 19:00:00)

CA ARCserve Backup Discovery Service Denial of Service

Secunia Advisory:	SA29855
Release Date:	2008-04-24

Critical:	Less critical
Impact:	DoS
Where:	From local network
Solution Status:	Unpatched

Software:	CA ARCserve Backup 12.x

Description:
Luigi Auriemma has reported a vulnerability in CA ARCserve Backup, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an input validation error in the Discovery Service and can be exploited to crash the service by sending a specially crafted packet to port 41523/TCP.

The vulnerability is reported in version 12.0.5454.0. Other versions may also be affected.

Solution:
Restrict network access to the affected service.

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
http://aluigi.altervista.org/adv/carcbackazz-adv.txt

Derecelendir

Kaynak

http://secunia.com/advisories/29855/

İçerik İhbarı

Bağlantılar: bilgininefendisi.net

Open Source Document Project

AUP&TOS