VID |
23215 |
Severity |
40 |
Port |
41524 |
Protocol |
UDP |
Class |
Daemon |
Detailed Description |
The BrightStor Backup Discovery Service, according to its version, is affected by multiple vulnerabilities (QO92996). BrightStor ARCserve Backup is an enterprise-class backup program; its Discovery Service listens for broadcast packets from other BrightStor servers on the local network to learn of their existence. Various Computer Associates (CA) BrightStor ARCserve Backup products are affected by multiple vulnerabilities, which attackers could exploit to bypass security restrictions, cause a denial of service, or take complete control of an affected system.
* References:
  * https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798
  * http://www.zerodayinitiative.com/advisories/ZDI-08-026/
  * http://www.zerodayinitiative.com/advisories/ZDI-08-027/
  * http://archives.neohapsis.com/archives/bugtraq/2008-05/0224.html
  * http://archives.neohapsis.com/archives/bugtraq/2008-05/0227.html
  * http://www.frsirt.com/english/advisories/2008/1573
  * http://www.securitytracker.com/id?1020044
  * http://secunia.com/advisories/30300
* Platforms Affected:
  * Computer Associates, CA Business Protection Suite r2
  * Computer Associates, CA Business Protection Suite for MS Premium Edition r2
  * Computer Associates, CA Business Protection Suite for MS Standard Edition r2
  * Computer Associates, CA Server Protection Suite r2
  * Computer Associates, BrightStor ARCserve Backup r11.5
  * Computer Associates, BrightStor ARCserve Backup r11.1
  * Computer Associates, BrightStor ARCserve Backup r11.0
  * Microsoft Windows Any version |
Recommendation |
Upgrade to ARCserve Backup r11.5 SP4 / r12.0 or apply the appropriate fix for your system, as listed in CA Security Advisory Vulnerability ID: 176798 at https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798 |
Related URL |
CVE-2008-2241,CVE-2008-2242 (CVE) |
Related URL |
29283 (SecurityFocus) |
Related URL |
42524,42527 (ISS) |
|