CVE-2007-5004 - Integer overflow in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11

CVE-2007-5004

Summary

Integer overflow in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to execute arbitrary code via a long username and a certain "useless" password.

References

Vulnerable Configurations

cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:4.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:4.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:desktop_management_suite:11.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:desktop_management_suite:11.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:desktop_management_suite:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:desktop_management_suite:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:desktop_management_suite:11.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:desktop_management_suite:11.2:*:*:*:*:*:*:*
cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*
cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 08-04-2021 - 13:31)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	24348
bugtraq	20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities
confirm	http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35675
eeye	20070920 Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops
sectrack	1018728
secunia	25606

saint via4

bid	24348
description	CA ARCserve Backup for Laptops and Desktops LGServer password integer overflow
id	misc_arcservecategory_lgserverauthuo
osvdb	41352
title	brightstor_arcserve_lgserver_password
type	remote

bid 24348
description BrightStor ARCserve Backup LGServer directory traversal
id misc_arcservecategory_lgserverauthuo
osvdb 41350
title brightstor_arcserve_rxrreceivefile
type remote
bid 24348
description BrightStor ARCserve Backup LGServer rxsUseLicenseIni buffer overflow
id misc_arcservecategory_lgserverauthuo
osvdb 35329
title brightstor_arcserve_rxsuselicenseini
type remote
bid 24348
description BrightStor ARCserve Backup LGServer rxrLogin buffer overflow
id misc_arcservecategory_lgserverauthuo
osvdb 41353
title brightstor_arcserve_rxrlogin
type remote

Last major update

08-04-2021 - 13:31

Published

01-10-2007 - 20:17

Last modified

08-04-2021 - 13:31