CA ARCserve Backup Multiple Remote Overflow and Directory Traversal Vulnerabilities

Vulnerability ID 1190310 Vulnerability type Authorization issue
Published 2007-06-06 Updated 2007-10-02
CVE ID CVE-2007-5006 CNNVD-ID CNNVD-200710-030
Affected platform N/A CVSS score 10.0
|Vulnerability source
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200710-030
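|Vulnerability details
ARCServe Backup for Laptops and Desktops (L&D) is the edition of the ARCServe Backup tool aimed at small and medium-sized businesses. ARCserve L&D has an access control vulnerability: ARCserve Backup for Laptops and Desktops does not validate commands from an already authenticated peer client, which allows a remote attacker, through the peer client, to arbitrarily add and delete users on the local machine and to restart the client.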
|References

Source: www.ca.com
Link: http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35677
Source: www.ca.com
Link: http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006
Source: supportconnectw.ca.com
Link: http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp
Source: SECTRACK
Name: 1018728
Link: http://www.securitytracker.com/id?1018728
Source: BID
Name: 24348
Link: http://www.securityfocus.com/bid/24348
Source: SECUNIA
Name: 25606
Link: http://secunia.com/advisories/25606
Source: IDEFENSE
Name: 20070920 CA ARCserve Backup for Laptops and Desktops Authentication Bypass Vulnerability
Link: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=598
Source: BUGTRAQ
Name: 20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities
Link: http://www.securityfocus.com/archive/1/archive/1/480252/100/100/threaded