Release Date | May 30, 2008 |
Severity | critical |
Impact | System compromise: Remote code execution. |
Description | This indicates an attempt to exploit a buffer-overflow vulnerability in BrightStor ARCServe Backup running under Linux. The vulnerability is caused by a username parameter length-check error in libas6script.so. It allows a remote attacker to execute arbitrary code on the victim's system by sending an excessively long username parameter. |
Affected Products | CA BrightStor ARCServe Backup 11.0; CA BrightStor ARCServe Backup 11.1; CA BrightStor ARCServe Backup 11.5 |
Recommended Actions | Apply the latest update from the vendor, which can be found at the following website: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798 |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2008-2242 |
Reference/s | http://www.zerodayinitiative.com/advisories/ZDI-08-026/ |