| VID |
23202 |
| Severity |
40 |
| Port |
41524 |
| Protocol |
UDP |
| Class |
Daemon |
| Detailed Description |
The BrightStor Backup Discovery Service, according to its version, is vulnerable to multiple vulnerabilities (QO91094). BrightStor ARCserve Backup is an enterprise class backup program and its Discovery Service listens for broadcast packets from other BrightStor servers on the local network to learn about their existence. Various Computer Associates (CA) BrightStor ARCserve Backup products are vulnerable to multiple vulnerabilities, which could be exploited by attackers to bypass security restrictions, cause a denial of service, or take complete control of an affected system.
* References:
http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp
http://research.eeye.com/html/advisories/published/AD20071011.html
http://www.frsirt.com/english/advisories/2007/3470
http://www.securitytracker.com/id?1018805
http://secunia.com/advisories/27192
* Platforms Affected:
Computer Associates, CA Business Protection Suite r2
Computer Associates, CA Business Protection Suite for MS Premium Edition r2
Computer Associates, CA Business Protection Suite for MS Standard Edition r2
Computer Associates, CA Server Protection Suite r2
Computer Associates, BrightStor ARCserve Backup r11.5
Computer Associates, BrightStor ARCserve Backup r11.1
Computer Associates, BrightStor ARCserve Backup r11.0
Computer Associates, BrightStor Enterprise Backup r10.5
Computer Associates, BrightStor ARCserve Backup 9.01
Microsoft Windows Any version |
| Recommendation |
Apply the appropriate fix for your system (QO91094), available from the CA SupportConnect Web site at http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp |
| Related URL |
CVE-2007-5325,CVE-2007-5326,CVE-2007-5327,CVE-2007-5328,CVE-2007-5329,CVE-2007-5330,CVE-2007-5331,CVE-2007-5332 (CVE) |
| Related URL |
24017,24680,26015 (SecurityFocus) |
| Related URL |
37063,37064,37065,37067,37068,37070,37071,37072 (ISS) |
|
