CVE-2007-5004

Description

Integer overflow in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to execute arbitrary code via a long username and a certain "useless" password.

Related CPE's

acaprotection_suitesr2*******

abroadcombrightstor_arcserve_backup_laptops_desktops4.0*******

abroadcombrightstor_arcserve_backup_laptops_desktops11.5*******

abroadcombrightstor_arcserve_backup_laptops_desktops11.0*******

abroadcombrightstor_arcserve_backup_laptops_desktops11.1*******

abroadcombrightstor_arcserve_backup_laptops_desktops11.1sp1******

abroadcomdesktop_management_suite11.2*******

abroadcomdesktop_management_suite11.0*******

abroadcomdesktop_management_suite11.1*******

References

20070920 Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops

http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp

Patch

http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006

Patch

http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35675

Patch

24348

1018728

25606

PatchVendor Advisory

20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:C/I:C/A:C

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

9.300000190734863

Created by Yello
About Severity.io