发布日期：2008-07-31
更新日期：2008-08-01

受影响系统：

Computer Associates Protection Suites 3.1
Computer Associates Protection Suites 3
Computer Associates Protection Suites 2
Computer Associates ARCserve Backup (L&D) r11.5
Computer Associates ARCserve Backup (L&D) r11.1 SP2
Computer Associates ARCserve Backup (L&D) r11.1 SP1
Computer Associates ARCserve Backup (L&D) r11.1
Computer Associates ARCserve Backup (L&D) r11.0
Computer Associates Desktop Management Suite 11.2
Computer Associates Desktop Management Suite 11.1

描述：

---

BUGTRAQ  ID: 30472
CVE(CAN) ID: CVE-2008-3175

CA的ARCserve Backup可为各种平台的服务器提供备份和恢复保护功能。

CA ARCserve Backup for Laptops and Desktops的LGServer服务在处理入站消息时存在整数溢出漏洞，如果未经认证的远程攻击者向TCP 1900端口上的LGServer服务提交了恶意请求的话，就会触发这个溢出，导致拒绝服务或执行任意指令。

<*来源：Assurent Secure Technologies
  
  链接：http://marc.info/?l=full-disclosure&m=121752348726889&w=2
        https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721
        http://secunia.com/advisories/31319/
*>

建议：

---

厂商补丁：

Computer Associates
-------------------
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=QI85497&os=WINDOWS&actionID=3
https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO00912&os=WINDOWS&actionID=3
https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO00912&os=WINDOWS&actionID=3#solndownloads
https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01150&os=WINDOWS&actionID=3

浏览次数：2753
严重程度：0（网友投票）