SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2008-2241

Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

SECTRACK-1020043

http://www.securityfocus.com/archive/1/492274/100/0/threaded

http://www.securityfocus.com/archive/1/492266/100/0/threaded

BID-29283

SECUNIA-30300

ADV-2008-1573

ca-arcservebackup-caloggerd-code-execution(42524)

http://www.zerodayinitiative.com/advisories/ZDI-08-027/

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798


30430



423868



247768



909



194555



282