Vendor Status Note JVNCIAC-R-120

CA BrightStor ARCserve Backup のサービスに複数の脆弱性

概要

CA BrightStor ARCserve Backup のサービスには複数の脆弱性があります。

影響を受けるシステム
 - BrightStor ARCserve 製品:
  - BrightStor ARCserve Backup for Laptops and Desktops r11.1 SP1
  - BrightStor ARCserve Backup for Laptops and Desktops r11.1
  - BrightStor ARCserve Backup for Laptops and Desktops r11.0
  - BrightStor Mobile Backup r4.0
 - CA Protection Suites r2 製品:
  - CA Desktop Protection Suite r2
  - CA Business Protection Suite r2
  - CA Business Protection Suite for Microsoft Small Business
   Server Standard Edition r2
  - CA Business Protection Suite for Microsoft Small Business
   Server Premium Edition r2
 - CA Desktop Management Suite 製品:
  - DMS r11.0
  - DMS r11.1

想定される影響

遠隔の第三者が任意のコードを実行する可能性があります。

ベンダ情報

ベンダリンク更新日
CAImportant Security Notice for BrightStor ARCserve Backup for Laptops & Desktops
CA BrightStor ARCserve Backup for Laptops and Desktops lgserver multiple overflow vulnerabilities
CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities
参考情報

  1. US-CERT Vulnerability Note VU#357308
    Computer Associates BrightStor ARCserve Backup LGSERVER.EXE heap buffer overflow
  2. US-CERT Vulnerability Note VU#611276
    Computer Associates BrightStor ARCserve Backup LGSERVER.EXE stack buffer overflow
  3. ISS X-Force Database: ca-brightstor-lgserver-port2200-bo(32027)
    CA BrightStor ARCserve Backup LGSERVER.EXE Port 2200 buffer overflow
  4. ISS X-Force Database: ca-brightstor-lgserver-port1900-bo(32028)
    CA BrightStor ARCserve Backup LGSERVER.EXE port 1900 buffer overflow
JPCERT 緊急報告
JPCERT REPORTJPCERT-WR-2007-0502 ( 2007-02-07 )
CIAC BulletinR-120 BrightStor ARC server Backup for Laptops and Desktops ( 2007-02-01 )
CVE2007-0449 [CVE+] VU#357308,VU#611276,XF32027,XF32028
PGP署名JVNCIAC-R-120.html.sig
登録日11:46 2007/02/10
更新日11:46 2007/02/10

Copyright(C) 2002-2009 Keio Univ. All rights reserved.