Advisory Details

May 19th, 2008

CA BrightStor ARCserve Backup caloggerd Arbitrary File Writing Vulnerability

ZDI-08-027
ZDI-CAN-088

CVE ID CVE-2008-2241
CVSS SCORE
AFFECTED VENDORS Computer Associates
AFFECTED PRODUCTS BrightStor ARCserve Server
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 4685. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates ARCserve Backup. Authentication is not required exploit this vulnerability.

The specific flaw exists within the caloggerd log daemon during the processing of log messages that contain directory traversal modifiers. A lack of sanity checking on the provided path allows attackers to append arbitrary data to a file of their choosing and can easily result in a full system compromise.

ADDITIONAL DETAILS Computer Associates has issued an update to correct this vulnerability. More details can be found at:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798
DISCLOSURE TIMELINE
  • 2006-09-12 - Vulnerability reported to vendor
  • 2008-05-19 - Coordinated public release of advisory
CREDIT Damian Put
BACK TO ADVISORIES