V-006: CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service

October 19, 2012 - 6:00am

PROBLEM:

CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service

PLATFORM:

CA ARCserve Backup for Windows r12.5, r15, r16

ABSTRACT:

Two vulnerabilities were reported in CA ARCserve Backup. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.

REFERENCE LINKS:

SecurityTracker Alert ID: 1027683 
CA Technologies Support 
CVE-2012-2971
CVE-2012-2972

IMPACT ASSESSMENT:

High

DISCUSSION:

A remote user can send specially crafted RPC requests to execute arbitrary code on the target system [CVE-2012-2971]. The code will run with the privileges of the target service. Server installations are affected.

A remote user can send specially crafted RPC requests to cause the target service to crash [CVE-2012-2972]. Server and agent installations are affected.

IMPACT:

A remote user can execute arbitrary code on the target system.

A remote user can cause denial of service conditions.

SOLUTION:

The vendor has issued a fix.

r12.5 - RO49917  
r15 - RO49916   
r16 - RO49750   
