ID CVE-2007-2139
Summary Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.
References
Vulnerable Configurations
  • cpe:2.3:a:ca:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
  • cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*
  • cpe:2.3:a:ca:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ca:brightstor_arcserve_backup:11.5:sp2:*:*:*:*:*:*
  • cpe:2.3:a:ca:business_protection_suite:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_sbs_premium:*:*:*:*:*
  • cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_sbs_standard:*:*:*:*:*
  • cpe:2.3:a:ca:server_protection_suite:2:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 16-10-2018 - 16:42)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 23635
bugtraq 20070424 ZDI-07-022: CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities
cert-vn VU#979825
confirm http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp
misc http://www.zerodayinitiative.com/advisories/ZDI-07-022.html
osvdb 35326
sectrack 1017952
secunia 24972
sreason 2628
vupen ADV-2007-1529
xf brightstor-sun-rpc-bo(33854)
saint via4
bid 23635
description BrightStor ARCserve Media Server SUN RPC buffer overflow
id misc_arcserve240
osvdb 34127
title brightstor_arcserve_mediasvr_sunrpc
type remote
Last major update 16-10-2018 - 16:42
Published 25-04-2007 - 20:19
Last modified 16-10-2018 - 16:42