Vulnerabilities > CVE-2008-3175 - Numeric Errors vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Integer underflow in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Laptops and Desktops 11.0 through 11.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted message that triggers a buffer overflow.

Common Weakness Enumeration (CWE)

Nessus

NASL familyWindows
NASL idCA_BABLD_LGSERVER_RCE.NASL
descriptionAccording to the version of rxRPC.dll installed on the remote host, the Computer Associates product is affected by an integer underflow vulnerability that could allow a remote attacker to cause the LGServer service to crash or execute arbitrary code.
last seen2020-06-01
modified2020-06-02
plugin id69316
published2013-08-13
reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/69316
titleCA ARCserve Backup for Laptops and Desktops Server, CA Protection Suite, and CA Desktop Management Suite Integer Underflow

Saint

bid30472
descriptionCA ARCserve Backup LGServer handshake buffer overflow
idmisc_arcservecategory_lgserverhandshake
osvdb47545
titlebrightstor_arcserve_lgserver_handshake
typeremote

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 30472 CVE(CAN) ID: CVE-2008-3175 CA的ARCserve Backup可为各种平台的服务器提供备份和恢复保护功能。 CA ARCserve Backup for Laptops and Desktops的LGServer服务在处理入站消息时存在整数溢出漏洞,如果未经认证的远程攻击者向TCP 1900端口上的LGServer服务提交了恶意请求的话,就会触发这个溢出,导致拒绝服务或执行任意指令。 Computer Associates Protection Suites 3.1 Computer Associates Protection Suites 3 Computer Associates Protection Suites 2 Computer Associates ARCserve Backup (L&amp;D) r11.5 Computer Associates ARCserve Backup (L&amp;D) r11.1 SP2 Computer Associates ARCserve Backup (L&amp;D) r11.1 SP1 Computer Associates ARCserve Backup (L&amp;D) r11.1 Computer Associates ARCserve Backup (L&amp;D) r11.0 Computer Associates Desktop Management Suite 11.2 Computer Associates Desktop Management Suite 11.1 Computer Associates ------------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=QI85497&amp;os=WINDOWS&amp;actionID=3 target=_blank>https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=QI85497&amp;os=WINDOWS&amp;actionID=3</a> <a href=https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO00912&amp;os=WINDOWS&amp;actionID=3 target=_blank>https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO00912&amp;os=WINDOWS&amp;actionID=3</a> <a href=https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO00912&amp;os=WINDOWS&amp;actionID=3#solndownloads target=_blank>https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO00912&amp;os=WINDOWS&amp;actionID=3#solndownloads</a> <a href=https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01150&amp;os=WINDOWS&amp;actionID=3 target=_blank>https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01150&amp;os=WINDOWS&amp;actionID=3</a>
idSSV:3756
last seen2017-11-19
modified2008-08-03
published2008-08-03
reporterRoot
titleCA ARCserve Backup for Laptops and Desktops整数溢出漏洞