Description: Luigi Auriemma has reported a vulnerability in CA ARCserve Backup, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused by an input validation error in the Discovery Service and can be exploited to crash the service by sending a specially crafted packet to port 41523/TCP.
The vulnerability affects the following products:
* CA ARCserve Backup r12.0 Windows
* CA ARCserve Backup r11.5 Windows SP3 and prior
* CA ARCserve Backup r11.1 Windows
* CA ARCserve Backup r11.1 Netware
* CA Server Protection Suite r2
* CA Business Protection Suite r2
* CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
* CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2
Changelog:
* 2008-05-02: Added CVE reference.
* 2008-06-19: Updated "Solution" section and added additional affected products based on vendor information. Added link to vendor's advisory.