CVE-2007-2139

2007-04-2520:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

109

cve-2007-2139

buffer overflow

sun rpc service

ca brightstor arcserve

remote code execution

vulnerability

7.4 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.945 High

EPSS

Percentile

99.2%

JSON

Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.

CPENameOperatorVersion
ca:business_protection_suiteca business protection suiteeq2.0
ca:brightstor_arcserve_backupca brightstor arcserve backupeq11
broadcom:brightstor_arcserve_backupbroadcom brightstor arcserve backupeq11.5
broadcom:brightstor_arcserve_backupbroadcom brightstor arcserve backupeq11.1
broadcom:brightstor_arcserve_backupbroadcom brightstor arcserve backupeq9.01
broadcom:business_protection_suitebroadcom business protection suiteeq2.0
broadcom:server_protection_suitebroadcom server protection suiteeq2

CPE	Name	Operator	Version
ca:business_protection_suite	ca business protection suite	eq	2.0
ca:brightstor_arcserve_backup	ca brightstor arcserve backup	eq	11
broadcom:brightstor_arcserve_backup	broadcom brightstor arcserve backup	eq	11.5
broadcom:brightstor_arcserve_backup	broadcom brightstor arcserve backup	eq	11.1
broadcom:brightstor_arcserve_backup	broadcom brightstor arcserve backup	eq	9.01
broadcom:business_protection_suite	broadcom business protection suite	eq	2.0
broadcom:server_protection_suite	broadcom server protection suite	eq	2