Computer Associates Protection Suites 3.1描述:
Computer Associates Protection Suites 3
Computer Associates Protection Suites 2
Computer Associates ARCserve Backup (L&D) r11.5
Computer Associates ARCserve Backup (L&D) r11.1 SP2
Computer Associates ARCserve Backup (L&D) r11.1 SP1
Computer Associates ARCserve Backup (L&D) r11.1
Computer Associates ARCserve Backup (L&D) r11.0
Computer Associates Desktop Management Suite 11.2
Computer Associates Desktop Management Suite 11.1
BUGTRAQ ID: 30472
CVE(CAN) ID: CVE-2008-3175
CA的ARCserve Backup可为各种平台的服务器提供备份和恢复保护功能。
CA ARCserve Backup for Laptops and Desktops的LGServer服务在处理入站消息时存在整数溢出漏洞,如果未经认证的远程攻击者向TCP 1900端口上的LGServer服务提交了恶意请求的话,就会触发这个溢出,导致拒绝服务或执行任意指令。
<*来源:Assurent Secure Technologies
链接:http://marc.info/?l=full-disclosure&m=121752348726889&w=2
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721
http://secunia.com/advisories/31319/
*>
建议:
厂商补丁:
Computer Associates
-------------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=QI85497&os=WINDOWS&actionID=3
https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO00912&os=WINDOWS&actionID=3
https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO00912&os=WINDOWS&actionID=3#solndownloads
https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01150&os=WINDOWS&actionID=3