CVE-2008-5415
CA ARCserve Backup 11.1-12.0 - Remote Code Execution via LDBserver RPC Handle Mismatch
Title source: llmDescription
The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure.
References (10)
Core 10
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/499128/100/0/threaded
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2007-82/
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27299
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4708
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3404
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/50683
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/32764
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/499104/100/0/threaded
Patch, Vendor Advisory x_refsource_confirm
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=194293
Various Sources x_refsource_confirm
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/12/10.aspx
Scores
EPSS
0.1563
EPSS Percentile
94.8%
Details
Status
published
Products (3)
broadcom/arcserve_backup
r12.0
ca/arcserve_backup
r11.1
ca/arcserve_backup
r11.5
Published
Dec 11, 2008
Tracked Since
Feb 18, 2026