ID CVE-2006-6917
Summary Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.
References
Vulnerable Configurations
  • cpe:2.3:a:ca:brightstor_arcserve_backup_server:11.5:*:*:*:*:*:*:*
    cpe:2.3:a:ca:brightstor_arcserve_backup_server:11.5:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 16-10-2018 - 16:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bugtraq
  • 20061208 LS-20060908 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability
  • 20061208 LS-20061001 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability
  • 20061211 Re: LS-20060908 - Computer Associates BrightStor ARCserve Backup
  • 20061211 Re: LS-20061001 - Computer Associates BrightStor ARCserve Backup
  • 20070109 CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice
  • 20070111 [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities
confirm
exploit-db 3086
misc
Last major update 16-10-2018 - 16:29
Published 31-12-2006 - 05:00
Back to Top