ID CVE-2006-6917
Summary Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.
References
Vulnerable Configurations
  • Computer Associates BrightStor ARCserve Backup Server R11.5
    cpe:2.3:a:ca:brightstor_arcserve_backup_server:11.5
CVSS
Base: 10.0 (as of 12-01-2007 - 15:55)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description CA BrightStor ARCserve (tapeeng.exe) Remote Buffer Overflow Exploit. CVE-2006-6917. Remote exploit for windows platform
file exploits/windows/remote/3086.py
id EDB-ID:3086
last seen 2016-01-31
modified 2007-01-05
platform windows
port 6502
published 2007-01-05
reporter Winny Thomas
source https://www.exploit-db.com/download/3086/
title CA BrightStor ARCserve tapeeng.exe Remote Buffer Overflow Exploit
type remote
nessus via4
NASL family Windows
NASL id ARCSERVE_QO84983.NASL
description According to its version, the installation of BrightStor ARCserve Backup on the remote host is affected by multiple buffer overflows that can be exploited by an unauthenticated, remote attacker to execute arbitrary code on the affected host with SYSTEM privileges.
last seen 2019-02-21
modified 2018-11-15
plugin id 24015
published 2007-01-15
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=24015
title CA BrightStor ARCserve Backup Multiple Vulnerabilities (QO84983)
refmap via4
bugtraq
  • 20061208 LS-20060908 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability
  • 20061208 LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability
  • 20061211 Re: LS-20060908 - Computer Associates BrightStor ARCserve Backup
  • 20061211 Re: LS-20061001 - Computer Associates BrightStor ARCserve Backup
  • 20070109 CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice
  • 20070111 [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities
confirm
exploit-db 3086
misc
Last major update 19-02-2017 - 00:15
Published 31-12-2006 - 00:00
Last modified 16-10-2018 - 12:29
Back to Top