微点交流论坛

标题: CA BrightStor ARCServe Backup多个漏洞 [打印本页]

作者: pioneer 时间: 2007-10-19 09:25 标题: CA BrightStor ARCServe Backup多个漏洞

来源

secunia.com

软件名

BrightStor ARCserve Backup 11.x
BrightStor ARCserve Backup 11.x (for Windows)
BrightStor Enterprise Backup 10.x
BrightStor ARCserve Backup 9.x

描述

这可恶意导致拒绝服务、绕过特定的安全限制或危害有漏洞的系统。

1)多个组件(例如 Message Engine, AScore.dll, rpcx.dll)中的多个越界错误在处理RPC请求时可导致缓冲溢出

2)多个组件(例如dbasvr, lqserver,mediasvr, callogerd)中的多个错误可导致内存崩溃，崩溃成功后可执行任意代码

3)在特定函数中不正确检查授权可导致在系统上执行扩大权限的操作这漏洞在以下产品中已经报告

* BrightStor ARCserve Backup r11.5
* BrightStor ARCserve Backup r11.1
* BrightStor ARCserve Backup r11 for Windows
* BrightStor Enterprise Backup r10.5
* BrightStor ARCserve Backup v9.01
* CA Server Protection Suite r2
* CA Business Protection Suite r2
* CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
* CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

解决方案

应用补丁

BrightStor ARCserve Backup r11.5 (QO91094):
http://supportconnect.ca.com/sc/ ... mp;searchID=QO91094

BrightStor ARCserve Backup r11.1 (QO91097):
http://supportconnect.ca.com/sc/ ... mp;searchID=QO91097

BrightStor ARCserve Backup r11.0:
Upgrade to 11.1 and apply the latest patches.

BrightStor Enterprise Backup r10.5:
Upgrade to 11.5 and apply the latest patches.

BrightStor ARCserve Backup v9.01 (QO91098):
http://supportconnect.ca.com/sc/ ... mp;searchID=QO91098

CA Protection Suites r2 (QO91094):
http://supportconnect.ca.com/sc/ ... mp;searchID=QO91094

欢迎光临微点交流论坛 (http://bbs.micropoint.com.cn/)

bbs.micropoint.com.cn