CVE-2007-0168

Description

The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.

Related CPE's

Could not find any relations

References

http://www.zerodayinitiative.com/advisories/ZDI-07-002.html

Exploit

http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp

Patch

http://livesploit.com/advisories/LS-20061002.pdf

VU#662400

US Government Resource

23648

1017506

20070111 LS-20061002 - Computer Associates BrightStor ARCserve Backup Remote Code Execution Vulnerability

20070111 [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities

http://www.lssec.com/advisories/LS-20061002.pdf

22010

31327

ADV-2007-0154

brightstor-tapeengine-code-execution(31442)

20070111 ZDI-07-002: CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:P/I:P/A:P

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

PARTIAL

AvailabilityImpact

PARTIAL

BaseScore

7.5

Created by Yello
About Severity.io