CVE-2008-3175 - Integer underflow in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Lapto

CVE-2008-3175

Summary

Integer underflow in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Laptops and Desktops 11.0 through 11.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted message that triggers a buffer overflow.

References

Vulnerable Configurations

cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:desktop_management_suite:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:desktop_management_suite:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:desktop_management_suite:11.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:desktop_management_suite:11.2:*:*:*:*:*:*:*
cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.1:*:*:*:*:*:*:*
cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.1:*:*:*:*:*:*:*
cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.1:*:sp1:*:*:*:*:*
cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.1:*:sp1:*:*:*:*:*
cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.1:*:sp2:*:*:*:*:*
cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.1:*:sp2:*:*:*:*:*
cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.5:*:*:*:*:*:*:*
cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.5:*:*:*:*:*:*:*
cpe:2.3:a:ca:brightstor_arcserve_backup:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:brightstor_arcserve_backup:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:brightstor_arcserve_backup:11.1:*:sp1:*:*:*:*:*
cpe:2.3:a:ca:brightstor_arcserve_backup:11.1:*:sp1:*:*:*:*:*
cpe:2.3:a:ca:brightstor_arcserve_backup:11.1:*:sp2:*:*:*:*:*
cpe:2.3:a:ca:brightstor_arcserve_backup:11.1:*:sp2:*:*:*:*:*
cpe:2.3:a:ca:protection_suites:2:*:*:*:*:*:*:*
cpe:2.3:a:ca:protection_suites:2:*:*:*:*:*:*:*
cpe:2.3:a:ca:protection_suites:3.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:protection_suites:3.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:protection_suites:3.1:*:*:*:*:*:*:*
cpe:2.3:a:ca:protection_suites:3.1:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 08-04-2021 - 13:31)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	30472
bugtraq	20080801 CA ARCserve Backup for Laptops and Desktops Server LGServer Service Vulnerability
confirm	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721
fulldisc	20080731 Assurent VR - CA ARCserve Backup for Laptops and Desktops LGServer Handshake Buffer Overflow
sectrack	1020590
secunia	31319
vupen	ADV-2008-2286
xf	ca-abld-rxrpc-bo(44137)

saint via4

bid	30472
description	CA ARCserve Backup LGServer handshake buffer overflow
id	misc_arcservecategory_lgserverhandshake
osvdb	47545
title	brightstor_arcserve_lgserver_handshake
type	remote

Last major update

08-04-2021 - 13:31

Published

01-08-2008 - 14:41

Last modified

08-04-2021 - 13:31