ID CVE-2007-5004
Summary Integer overflow in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to execute arbitrary code via a long username and a certain "useless" password.
References
Vulnerable Configurations
  • cpe:2.3:a:ca:brightstor_arcserve_backup_laptops_desktops:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ca:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ca:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ca:brightstor_arcserve_backup_laptops_desktops:11.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:ca:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ca:desktop_management_suite:11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ca:desktop_management_suite:11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ca:desktop_management_suite:11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 15-10-2018 - 21:39)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 24348
bugtraq 20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities
confirm
eeye 20070920 Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops
sectrack 1018728
secunia 25606
saint via4
  • bid 24348
    description BrightStor ARCserve Backup LGServer rxrLogin buffer overflow
    id misc_arcservecategory_lgserverauthuo
    osvdb 41353
    title brightstor_arcserve_rxrlogin
    type remote
  • bid 24348
    description BrightStor ARCserve Backup LGServer rxsUseLicenseIni buffer overflow
    id misc_arcservecategory_lgserverauthuo
    osvdb 35329
    title brightstor_arcserve_rxsuselicenseini
    type remote
  • bid 24348
    description CA ARCserve Backup for Laptops and Desktops LGServer password integer overflow
    id misc_arcservecategory_lgserverauthuo
    osvdb 41352
    title brightstor_arcserve_lgserver_password
    type remote
  • bid 24348
    description BrightStor ARCserve Backup LGServer directory traversal
    id misc_arcservecategory_lgserverauthuo
    osvdb 41350
    title brightstor_arcserve_rxrreceivefile
    type remote
Last major update 15-10-2018 - 21:39
Published 01-10-2007 - 20:17
Last modified 15-10-2018 - 21:39