Release DateOct 09, 2008 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can inject commands on vulnerable systems. |
DescriptionThis indicates an attempt to exploit a remote command injection vulnerability in CA BrightStor ARCServe BackUp Message.By sending a specially crafted RPC request, a remote attacker could bypass the current directory execution path and execute arbitrary command on a vulnerable system. |
Affected ProductsCA BrightStor ARCServe BackUp R11.5 |
Recommended ActionsThe vendor has not supplied any patches for this issue as of this writing. We recommend filtering traffic to TCP/6504 as a workaround. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2008-4397 |
Reference/shttp://www.securityfocus.com/bid/31684 (BugTraq)https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143 |
