Vulnerability CVE-2008-2241


Published: 2008-05-21   Modified: 2012-02-12

Description:
Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.

Type:
CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
CA -> Brightstor arcserve backup 
CA -> Business protection suite 
CA -> Server protection suite 

References:
http://www.securityfocus.com/archive/1/492266/100/0/threaded
http://www.securityfocus.com/archive/1/492274/100/0/threaded
http://www.securityfocus.com/bid/29283
http://www.securitytracker.com/id?1020043
http://www.vupen.com/english/advisories/2008/1573/references
http://www.zerodayinitiative.com/advisories/ZDI-08-027/
https://exchange.xforce.ibmcloud.com/vulnerabilities/42524
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798

Copyright 2021, cxsecurity.com
