Objet: Vulnérabilité dans divers produits Computer Associates

Risque

• Exécution de code arbitraire à distance

Systèmes affectés

• BrightStor ARCServe Backup for Laptops and Desktops r11.5 ;
• CA Desktop and Server Management r11.1 (GA, a, C1) ;
• CA Desktop and Server Management r11.2 ;
• CA Desktop and Server Management r11.2 C1 ;
• CA Desktop and Server Management r11.2 C2 ;
• CA Desktop and Server Management r11.2a ;
• CA Desktop Management Suite r11.1 (GA, a, C1) ;
• CA Desktop Management Suite r11.2 ;
• CA Desktop Management Suite r11.2 C1 ;
• CA Desktop Management Suite r11.2 C2 ;
• CA Desktop Management Suite r11.2a ;
• Unicenter Asset Management r11.1 (GA, a, C1) ;
• Unicenter Asset Management r11.2 ;
• Unicenter Asset Management r11.2 C1 ;
• Unicenter Asset Management r11.2 C2 ;
• Unicenter Asset Management r11.2a ;
• Unicenter Desktop Management Bundle r11.1 (GA, a, C1) ;
• Unicenter Desktop Management Bundle r11.2 ;
• Unicenter Desktop Management Bundle r11.2 C1 ;
• Unicenter Desktop Management Bundle r11.2 C2 ;
• Unicenter Desktop Management Bundle r11.2a ;
• Unicenter Remote Control r11.1 (GA, a, C1) ;
• Unicenter Remote Control r11.2 ;
• Unicenter Remote Control r11.2 C1 ;
• Unicenter Remote Control r11.2 C2 ;
• Unicenter Remote Control r11.2a ;
• Unicenter Software Delivery r11.1 (GA, a, C1) ;
• Unicenter Software Delivery r11.2 ;
• Unicenter Software Delivery r11.2 C1 ;
• Unicenter Software Delivery r11.2 C2 ;
• Unicenter Software Delivery r11.2a ;

Documentation

• Bulletin de sécurité Computer Associates du 15 avril 2008 :
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256
• Référence CVE CVE-2008-1786
https://www.cve.org/CVERecord?id=CVE-2008-1786