CA BrightStor ARCserve Backup 'rxRPC.dll' Directory Traversal Vulnerability

Vulnerability ID: 1190311
Vulnerability type: Path traversal
Published: 2007-06-06
Updated: 2007-10-03
CVE ID: CVE-2007-5005
CNNVD-ID: CNNVD-200710-008
Platform: N/A
CVSS score: 10.0
|Vulnerability source
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200710-008
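|Vulnerability details
ARCServe Backup for Laptops and Desktops (L&D) is the edition of the ARCServe Backup tool aimed at small and medium-sized businesses. ARCserve L&D contains a vulnerability in the way it handles malformed request data on its RPC interface; a remote attacker may be able to exploit it to take control of the server or perform directory traversal. ARCserve L&D uses TCP port 1900 as the RPC interface for managing the ARCserve L&D server. An example of normal communication:

0000000027rxrLogin~~administrator
---------------------------------------------
Field 1: 10-digit base 10 command length field ("0000000027")
Field 2: RPC command ("rxrLogin")
Field 3: Constant Argument Delimiter ("~~")
Field 4: Argument ("administrator")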
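
A strict parser for the four-field request framing shown above, as an added example (not code from the advisory or from CA), showing the kind of validation a service or protocol-aware filter would apply before acting on a request. The size bound, the command allowlist and the argument character set are assumptions of this example; the page does not say which bytes the length field counts, so the declared value is bounds-checked and returned rather than compared against the payload size.

```python
import re
from typing import NamedTuple

HEADER_LEN = 10                 # Field 1: 10-digit base-10 command length field
DELIM = b"~~"                   # Field 3: constant argument delimiter
MAX_SIZE = 4096                 # assumption: upper bound chosen for this example
KNOWN_COMMANDS = {b"rxrLogin"}  # assumption: allowlist holding the one command the page names


class Frame(NamedTuple):
    declared_len: int
    command: bytes
    argument: bytes


def parse_frame(data: bytes) -> Frame:
    """Split one request into its fields; raise ValueError on any malformed part."""
    header, body = data[:HEADER_LEN], data[HEADER_LEN:]
    # Exactly ten ASCII digits: no sign, no spaces, no short header.
    if not re.fullmatch(rb"[0-9]{10}", header):
        raise ValueError("length field is not 10 ASCII digits")
    declared = int(header)
    # Bound both the claimed and the actual size before any further work.
    if declared > MAX_SIZE or len(body) > MAX_SIZE:
        raise ValueError("request exceeds size bound")
    command, sep, argument = body.partition(DELIM)
    if not sep:
        raise ValueError("argument delimiter missing")
    if command not in KNOWN_COMMANDS:
        raise ValueError("unknown RPC command")
    return Frame(declared, command, argument)


def argument_is_plain_name(argument: bytes) -> bool:
    """True only for a short name that cannot act as a path component chain.

    Rejects '..' sequences, path separators, drive colons, NUL and control
    bytes by allowing a narrow character set (an assumption of this example).
    """
    if b".." in argument:
        return False
    return re.fullmatch(rb"[A-Za-z0-9_.\-]{1,64}", argument) is not None


if __name__ == "__main__":
    sample = b"0000000027rxrLogin~~administrator"  # the page's sample request
    frame = parse_frame(sample)
    print(frame, argument_is_plain_name(frame.argument))
```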
|References

Source: www.ca.com
Link: http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35676
Source: www.ca.com
Link: http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006
Source: supportconnectw.ca.com
Link: http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp
Source: SECUNIA
Name: 25606
Link: http://secunia.com/advisories/25606
Source: SECTRACK
Name: 1018728
Link: http://www.securitytracker.com/id?1018728
Source: BID
Name: 24348
Link: http://www.securityfocus.com/bid/24348
Source: EEYE
Name: 20070920 Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops
Link: http://research.eeye.com/html/advisories/published/AD20070920.html
Source: BUGTRAQ
Name: 20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities
Link: http://www.securityfocus.com/archive/1/archive/1/480252/100/100/threaded