SecurityTracker.com
Category:   Application (Generic)  >   CA ARCserve D2D
Vendors:   CA
CA ARCserve D2D RPC Interface Lets Remote Users Bypass Access Controls
SecurityTracker Alert ID:  1025846
SecurityTracker URL:  http://securitytracker.com/id/1025846
CVE Reference:   CVE-2011-3011
Updated:  Aug 13 2011
Original Entry Date:  Jul 26 2011
Impact:   Disclosure of authentication information
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): r15
Description:   A vulnerability was reported in CA ARCserve D2D. A remote user can bypass access controls to obtain authentication information.

A remote user can send specially crafted data to the homepageServlet on TCP port 8014 to obtain the administrative username and password. With this data, the remote user can then execute commands on the target system.

The original advisory is available at:

http://retrogod.altervista.org/9sg_ca_d2dii.html

rgod reported this vulnerability.

Impact:   A remote user can obtain the administrative authentication credentials.
Solution:   The vendor has issued a fix (RO33517).

The vendor's advisory is available at:

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={7D3ACC0F-6C01-4BE2-B5C0-C430CEB45BE6}

Vendor URL:  support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={7D3ACC0F-6C01-4BE2-B5C0-C430CEB45BE6}
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.



Copyright 2021, SecurityGlobal.net LLC