Vulnerability CVE-2007-2139


Published: 2007-04-25   Modified: 2012-02-12

Description:
Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.

See advisories in our WLB2 database:
Topic
Author
Date
High
CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities
Tenable Network ...
27.04.2007

Type:

CWE-Other

Vendor: CA
Product: Brightstor arcserve backup 
Version:
9.01
11.5
11.1
11
Product: Business protection suite 
Version: 2.0;
Product: Server protection suite 
Version: 2;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://securityreason.com/securityalert/2628
http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp
http://www.kb.cert.org/vuls/id/979825
http://www.securityfocus.com/archive/1/466790/100/0/threaded
http://www.securityfocus.com/bid/23635
http://www.securitytracker.com/id?1017952
http://www.vupen.com/english/advisories/2007/1529
http://www.zerodayinitiative.com/advisories/ZDI-07-022.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/33854

Related CVE
CVE-2019-7394
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to g...
CVE-2019-7393
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive i...
CVE-2019-7392
An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration.
CVE-2018-19635
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.
CVE-2018-19634
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information.
CVE-2018-13826
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
CVE-2018-13825
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.
CVE-2018-13824
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.

Copyright 2019, cxsecurity.com

 

Back to Top