Vulnerability Description
Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Brightstor Arcserve Backup | 11.1 |
| Broadcom | Server Protection Suite | 2 |
| Ca | Brightstor Arcserve Backup | 11.0 |
| Ca | Business Protection Suite | 2.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30300
- http://www.securityfocus.com/archive/1/492266/100/0/threaded
- http://www.securityfocus.com/archive/1/492274/100/0/threaded
- http://www.securityfocus.com/bid/29283Patch
- http://www.securitytracker.com/id?1020043
- http://www.vupen.com/english/advisories/2008/1573/references
- http://www.zerodayinitiative.com/advisories/ZDI-08-027/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42524
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798Patch
- http://secunia.com/advisories/30300
- http://www.securityfocus.com/archive/1/492266/100/0/threaded
- http://www.securityfocus.com/archive/1/492274/100/0/threaded
- http://www.securityfocus.com/bid/29283Patch
- http://www.securitytracker.com/id?1020043
- http://www.vupen.com/english/advisories/2008/1573/references
FAQ
What is CVE-2008-2241?
CVE-2008-2241 is a vulnerability with a CVSS score of 10.0 (HIGH). Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequenc...
How severe is CVE-2008-2241?
CVE-2008-2241 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2241?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Brightstor Arcserve Backup, Broadcom Server Protection Suite, Ca Brightstor Arcserve Backup, Ca Business Protection Suite.