Back to CVE Browser

CVE-2008-2241

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0660%

EPSS Percentile19.72th

PublishedMay 21, 2008

Last ModifiedApr 23, 2026

Vulnerability Description

Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.

Affected Platforms (CPE)

📦

Broadcom

Brightstor Arcserve Backup

= 11.1

📦

Broadcom

Brightstor Arcserve Backup

= 11.5

📦

Broadcom

Server Protection Suite

= 2

📦

Ca

Brightstor Arcserve Backup

= 11.0

📦

Ca

Brightstor Arcserve Backup

= r11.0

📦

Ca

Business Protection Suite

= 2.0

📦

Ca

Business Protection Suite

= 2.0

References & Advisories

🔗 http://secunia.com/advisories/30300

🔗 http://www.securityfocus.com/archive/1/492266/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/492274/100/0/threaded

🔗 http://www.securityfocus.com/bid/29283

🔗 http://www.securitytracker.com/id?1020043

🔗 http://www.vupen.com/english/advisories/2008/1573/references

🔗 http://www.zerodayinitiative.com/advisories/ZDI-08-027/

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/42524

Related Vulnerabilities

CVE-2005-169310.0

Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, e...

CVE-2006-607610.0

Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier ...

CVE-2005-026010.0

Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to ex...

CVE-2006-691710.0

Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers t...