Fortinet Discovers CA ARCserve Backup Remote Command Injection Vulnerability
Fortinet's FortiGuard Labs has discovered remote command injection vulnerability in CA ARCserve Backup.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Jul 31, 2008
Users should apply the solution provided by CA..
The RPC interface of CA ARCserve Backup does not properly validate user input, allowing an anonymous attacker who connects to the RPC service to inject any command they wish. This service runs as "msgeng.exe", which registers an RPC interface and listens on TCP port 6504.
Haifei Li of Fortinet's FortiGuard Global Security Research Team