Description
Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.
Affected products
- Broadcom / arcserve_backup: r12.0 - r12.0
- Broadcom / business_protection_suite: r2 - r2
- Broadcom / server_protection_suite: r2 - r2
- ca / arcserve_backup: r11.1 - r11.1
- ca / arcserve_backup: r11.5 - r11.5
- ca / business_protection_suite: r2 - r2
References
- MISC: http://www.securityfocus.com/bid/31684
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/45774
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2008/2777
- MISC: http://www.securitytracker.com/id?1021032
- MISC: http://www.securityfocus.com/archive/1/497281/100/0/threaded
- MISC: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143
- VENDOR_ADVISORY: http://secunia.com/advisories/32220
- MISC: http://www.securityfocus.com/archive/1/497218
- MISC: http://securityreason.com/securityalert/4412