PROBLEM:
CA ARCserve Backup Flaws Let Remote Users Execute Arbitrary Code and Deny Service
PLATFORM:
CA ARCserve Backup for Windows r12.5, r15, r16
ABSTRACT:
Two vulnerabilities were reported in CA ARCserve Backup. A remote user can execute arbitrary code on the target system. A remote user can cause denial-of-service conditions.
REFERENCE LINKS:
SecurityTracker Alert ID: 1027683
CA Technologies Support
CVE-2012-2971
CVE-2012-2972
IMPACT ASSESSMENT:
High
DISCUSSION:
A remote user can send specially crafted RPC requests to execute arbitrary code on the target system [CVE-2012-2971]. The code will run with the privileges of the target service. Server installations are affected.
A remote user can send specially crafted RPC requests to cause the target service to crash [CVE-2012-2972]. Server and agent installations are affected.
IMPACT:
A remote user can execute arbitrary code on the target system.
A remote user can cause denial-of-service conditions.
SOLUTION:
The vendor has issued a fix.