CVE-2007-5005

Description

Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command.

Related CPE's

acaprotection_suitesr2*******

abroadcombrightstor_arcserve_backup_laptops_desktops4.0*******

abroadcombrightstor_arcserve_backup_laptops_desktops11.5*******

abroadcombrightstor_arcserve_backup_laptops_desktops11.0*******

abroadcombrightstor_arcserve_backup_laptops_desktops11.1*******

abroadcombrightstor_arcserve_backup_laptops_desktops11.1sp1******

abroadcomdesktop_management_suite11.2*******

abroadcomdesktop_management_suite11.0*******

abroadcomdesktop_management_suite11.1*******

References

20070920 Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops

http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp

Patch

http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006

Patch

http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35676

Patch

24348

1018728

25606

PatchVendor Advisory

20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:C/I:C/A:C

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

10

Created by Yello
About Severity.io