CVE-2008-3175

Integer underflow in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Laptops and Desktops 11.0 through 11.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted message that triggers a buffer overflow.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063594.html
http://secunia.com/advisories/31319	Vendor Advisory
http://www.securityfocus.com/archive/1/495020/100/0/threaded
http://www.securityfocus.com/bid/30472	Patch
http://www.securitytracker.com/id?1020590
http://www.vupen.com/english/advisories/2008/2286	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44137
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721	Patch Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063594.html
http://secunia.com/advisories/31319	Vendor Advisory
http://www.securityfocus.com/archive/1/495020/100/0/threaded
http://www.securityfocus.com/bid/30472	Patch
http://www.securitytracker.com/id?1020590
http://www.vupen.com/english/advisories/2008/2286	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44137
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:::::::*
	cpe:2.3:a:broadcom:desktop_management_suite:11.1:::::::*
	cpe:2.3:a:broadcom:desktop_management_suite:11.2:::::::*
	cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.0:::::::*
	cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.1:::::::*
	cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.1::sp1:::::
	cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.1::sp2:::::
	cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.5:::::::*
	cpe:2.3:a:ca:brightstor_arcserve_backup:11.0:::::::*
	cpe:2.3:a:ca:brightstor_arcserve_backup:11.1::sp1:::::
	cpe:2.3:a:ca:brightstor_arcserve_backup:11.1::sp2:::::
	cpe:2.3:a:ca:protection_suites:2:::::::*
	cpe:2.3:a:ca:protection_suites:3.0:::::::*
	cpe:2.3:a:ca:protection_suites:3.1:::::::*

History

21 Nov 2024, 00:48

Type	Values Removed	Values Added
References	~~() http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063594.html -~~	() http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063594.html -
References	~~() http://secunia.com/advisories/31319 - Vendor Advisory~~	() http://secunia.com/advisories/31319 - Vendor Advisory
References	~~() http://www.securityfocus.com/archive/1/495020/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/495020/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/30472 - Patch~~	() http://www.securityfocus.com/bid/30472 - Patch
References	~~() http://www.securitytracker.com/id?1020590 -~~	() http://www.securitytracker.com/id?1020590 -
References	~~() http://www.vupen.com/english/advisories/2008/2286 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2008/2286 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/44137 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/44137 -
References	~~() https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721 - Patch, Vendor Advisory~~	() https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721 - Patch, Vendor Advisory

Information

Published : 2008-08-01 14:41

Updated : 2025-04-09 00:30

NVD link : CVE-2008-3175

Mitre link : CVE-2008-3175

CVE.ORG link : CVE-2008-3175

JSON object : View

Products Affected

protection_suites
arcserve_backup_for_laptops_and_desktops
brightstor_arcserve_backup

broadcom

brightstor_arcserve_backup
desktop_management_suite

CWE

CWE-189

Numeric Errors

{"id": "CVE-2008-3175", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-08-01T14:41:00.000", "references": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063594.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31319", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/495020/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30472", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1020590", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/2286", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44137", "source": "cve@mitre.org"}, {"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063594.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/31319", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/495020/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/30472", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1020590", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/2286", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44137", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}], "descriptions": [{"lang": "en", "value": "Integer underflow in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Laptops and Desktops 11.0 through 11.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted message that triggers a buffer overflow."}, {"lang": "es", "value": "Subdesbordamiento de enteros en la biblioteca rxRPC.dll en el servicio LGServer en el servidor en CA ARCserve Backup versiones 11.0 hasta 11.5 para ordenadores Port\u00e1tiles y Escritorios, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio por medio de un mensaje dise\u00f1ado que desencadena un desbordamiento de b\u00fafer."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36"}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "477EE032-D183-478F-A2BF-6165277A7414"}, {"criteria": "cpe:2.3:a:broadcom:desktop_management_suite:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22268F99-2F38-481D-A0CC-B1FC96FDB953"}, {"criteria": "cpe:2.3:a:broadcom:desktop_management_suite:11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6195AFF-0039-4F48-9E02-ACE8CF052EA8"}, {"criteria": "cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6198653-D0D8-48D4-B2DB-58F92F621DA9"}, {"criteria": "cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3B81CE4-F767-4A34-BE39-EEC3DBBF206A"}, {"criteria": "cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.1:*:sp1:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25BB7845-980B-4085-B07B-CC1AB814B53F"}, {"criteria": "cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.1:*:sp2:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE545056-0DFB-4947-B530-F551940DBE5F"}, {"criteria": "cpe:2.3:a:ca:arcserve_backup_for_laptops_and_desktops:11.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B98A90C-AAA9-44DE-9289-D4E33397B62F"}, {"criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9190C236-0BBF-47CF-94F5-F2408D33C5CD"}, {"criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11.1:*:sp1:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D0498FD-4246-427A-8E70-24948EE3A6ED"}, {"criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11.1:*:sp2:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F887250D-D323-4ED7-AA96-829BAC6BB2D2"}, {"criteria": "cpe:2.3:a:ca:protection_suites:2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "533C42DE-8FEA-443A-B250-4CD44A1CFAAC"}, {"criteria": "cpe:2.3:a:ca:protection_suites:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D92D9D51-EBF8-45A2-A315-42DE5768DB6E"}, {"criteria": "cpe:2.3:a:ca:protection_suites:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D020DF6-2016-4901-AC33-FA56C277957C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

10.0 /10