Intrusion Prevention

CA.BrightStor.ARCServe.Backup.LGServer.Arbitrary.File.Upload

Description

This indicates a possible exploit of a directory traversal vulnerability in CA BrightStor ARCServe Backup for Laptops and Desktops.
The vulnerability is due to insufficient access control in the LGServer process while handling file uploads from remote users.

Affected Products

Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.1
Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.0
Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.1 SP2
Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.1 SP1
Computer Associates BrightStor ARCserve Backup for Laptops and Desktop 11.5

Impact

Attackers may gain access to arbitrary files.

Recommended Actions

The vendor has issued the following fixes:
CA ARCserve Backup for Laptops and Desktops (BMB) r4.0: QO91013
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO91013
CA ARCserve Backup for Laptops and Desktops 11.1: QO91014
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO91014
CA ARCserve Backup for Laptops and Desktops 11.5: QO91015
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO91015

CVE References

CVE-2007-5005
CVE-2008-1329