Release DateOct 09, 2008 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems.Denial of Service: Remote attackers can crash vulnerable systems. |
DescriptionThis indicates an attack attempt to exploit a buffer-overflow vulnerability in CA ARCserve Backup for Laptops and Desktops Server LGServer.The vulnerability is caused due to insufficient validation of incoming messages. A remote unauthenticated attacker can exploit this vulnerability by sending specially crafted message to the LGServer service on port 1900/TCP. |
Affected ProductsCA ARCserve Backup for Laptops and Desktops r11.5CA ARCserve Backup for Laptops and Desktops r11.1 SP2 CA ARCserve Backup for Laptops and Desktops r11.1 SP1 CA ARCserve Backup for Laptops and Desktops r11.1 CA ARCserve Backup for Laptops and Desktops r11.0 CA Desktop Management Suite 11.2 CA Desktop Management Suite 11.1 CA Protection Suites r2 CA Protection Suites 3.0 CA Protection Suites 3.1 |
Recommended ActionsApply patch, available from the web site:https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721 |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2008-3175 |
Reference/shttp://www.securityfocus.com/bid/30472 (BugTraq)https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721 http://www.frsirt.com/english/advisories/2008/2286 (FrSIRT) |
