CVE-2008-2241
Summary
| CVE | CVE-2008-2241 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-05-21 13:24:00 UTC |
| Updated | 2021-04-09 18:54:00 UTC |
| Description | Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Broadcom | Brightstor Arcserve Backup | 11.1 | All | All | All |
| Application | Broadcom | Brightstor Arcserve Backup | 11.5 | All | All | All |
| Application | Broadcom | Server Protection Suite | 2 | All | All | All |
| Application | Ca | Brightstor Arcserve Backup | 11.0 | All | All | All |
| Application | Ca | Brightstor Arcserve Backup | 11.1 | All | All | All |
| Application | Ca | Brightstor Arcserve Backup | 11.5 | All | All | All |
| Application | Ca | Brightstor Arcserve Backup | r11.0 | All | All | All |
| Application | Ca | Brightstor Arcserve Backup | 11.0 | All | All | All |
| Application | Ca | Brightstor Arcserve Backup | 11.1 | All | All | All |
| Application | Ca | Brightstor Arcserve Backup | 11.5 | All | All | All |
| Application | Ca | Brightstor Arcserve Backup | r11.0 | All | All | All |
| Application | Ca | Business Protection Suite | 2.0 | All | microsoft_small_business_server_premium | All |
| Application | Ca | Business Protection Suite | 2.0 | All | microsoft_small_business_server_standard | All |
| Application | Ca | Business Protection Suite | 2.0 | All | microsoft_small_business_server_premium | All |
| Application | Ca | Business Protection Suite | 2.0 | All | microsoft_small_business_server_standard | All |
| Application | Ca | Server Protection Suite | 2 | All | All | All |
| Application | Ca | Server Protection Suite | 2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| CA ARCserve Backup Multiple Vulnerabilities - Advisories - Secunia | SECUNIA | secunia.com | |
| Computer Associates ARCserve Backup 'caloggerd' and 'xdr' Functions Multiple Remote Vulnerabilities | BID | www.securityfocus.com | Patch |
| 404 Not Found | CONFIRM | support.ca.com | Patch |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| CA ARCserve Backup Input Validation Flaw in caloggerd Lets Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.