CVE-2008-2241

Published: May 21, 2008Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.

Affected (7)

Products: Broadcom: Brightstor Arcserve Backup, Server Protection Suite · Ca: Brightstor Arcserve Backup, Business Protection Suite

2 products

Brightstor Arcserve Backup

Server Protection Suite

2 products

Brightstor Arcserve Backup

Business Protection Suite

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Broadcom Brightstor Arcserve Backup	Version 11.1
Broadcom Brightstor Arcserve Backup	Version 11.5
Broadcom Server Protection Suite	Version 2
Ca Brightstor Arcserve Backup	Version 11.0
Ca Brightstor Arcserve Backup	Version r11.0
Ca Business Protection Suite	Version 2.0
Ca Business Protection Suite	Version 2.0

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (18)

http://secunia.com/advisories/30300

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/492266/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/492274/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/29283

Source: cve@mitre.org

Patch

http://www.securitytracker.com/id?1020043

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/1573/references

Source: cve@mitre.org

http://www.zerodayinitiative.com/advisories/ZDI-08-027/

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/42524

Source: cve@mitre.org

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798

Source: cve@mitre.org

Patch

http://secunia.com/advisories/30300

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/492266/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/492274/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/29283

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securitytracker.com/id?1020043

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/1573/references

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zerodayinitiative.com/advisories/ZDI-08-027/

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/42524

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.