Vulnerability Name: CVE-2008-4400 (CCN-45777)

Assigned: 2008-10-09
Published: 2008-10-09
Updated: 2021-04-09
Summary: Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation."
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2008-4400

Source: CCN
Type: SA32220
CA ARCserve Backup Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
32220

Source: CCN
Type: SECTRACK ID: 1021032
CA ARCserve Backup Bugs Let Remote Users Crash the Target Services or Execute Arbitrary Code

Source: CCN
Type: OSVDB ID: 49471
CA ARCserve Backup asdbapi.dll Crafted Authentication Credential Remote DoS

Source: BUGTRAQ
Type: UNKNOWN
20081009 CA ARCserve Backup Multiple Vulnerabilities

Source: BID
Type: UNKNOWN
31684

Source: CCN
Type: BID-31684
Computer Associates ARCserve Backup Multiple Remote Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1021032

Source: VUPEN
Type: UNKNOWN
ADV-2008-2777

Source: XF
Type: UNKNOWN
ca-arcservebackup-authentication-dos(45777)

Source: CCN
Type: CA Security Advisory Vulnerability ID: 188143
Security Notice for CA ARCserve Backup

Source: CONFIRM
Type: Patch, Vendor Advisory
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:broadcom:server_protection_suite:r2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:business_protection_suite:r2:*:*:*:*:*:*:*
  • OR cpe:/a:ca:arcserve_backup:r11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:arcserve_backup:r12.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:business_protection_suite:r2:*:microsoft_small_business_server_premium:*:*:*:*:*
  • OR cpe:/a:ca:business_protection_suite:r2:*:microsoft_small_business_server_standard:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    broadcom server protection suite r2
    broadcom business protection suite r2
    ca arcserve backup r11.1
    ca arcserve backup r11.5
    broadcom arcserve backup r12.0
    ca business protection suite r2
    ca business protection suite r2
    ca brightstor arcserve backup 11.1
    ca server protection suite 2
    ca business protection suite 2.0
    ca brightstor arcserve backup 11.5