Lucene search
This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.ARCSERVE_QO84983.NASLHistoryJan 15, 2007 - 12:00 a.m.
CA BrightStor ARCserve Backup Multiple Vulnerabilities (QO84983)
2007-01-1500:00:00
This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
www.tenable.com
17
According to its version, the installation of BrightStor ARCserve Backup on the remote host is affected by multiple buffer overflows that can be exploited by an unauthenticated, remote attacker to execute arbitrary code on the affected host with SYSTEM privileges.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(24015);
script_version("1.24");
script_cvs_date("Date: 2018/11/15 20:50:26");
script_cve_id("CVE-2006-5171","CVE-2006-5172","CVE-2006-6076","CVE-2006-6917","CVE-2007-0168","CVE-2007-0169");
script_bugtraq_id(21221, 22005, 22006, 22010, 22015, 22016);
script_name(english:"CA BrightStor ARCserve Backup Multiple Vulnerabilities (QO84983)");
script_summary(english:"Checks version of BrightStor ARCserve Backup");
script_set_attribute(attribute:"synopsis", value:
"The remote software is affected by multiple vulnerabilities." );
script_set_attribute(attribute:"description", value:
"According to its version, the installation of BrightStor ARCserve
Backup on the remote host is affected by multiple buffer overflows
that can be exploited by an unauthenticated, remote attacker to execute
arbitrary code on the affected host with SYSTEM privileges." );
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e175e643" );
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?543ab108" );
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/456711/30/0/threaded" );
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?25216527" );
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch as described in the vendor advisory." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'CA BrightStor ARCserve Message Engine Buffer Overflow');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/15");
script_set_attribute(attribute:"vuln_publication_date", value:"2006/11/21");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ca:arcserve_backup");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
script_dependencies("arcserve_discovery_service_detect.nasl");
script_require_keys("ARCSERVE/Discovery/Version");
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
ver = get_kb_item("ARCSERVE/Discovery/Version");
if (isnull(ver)) exit(0);
matches = eregmatch(string:ver, pattern:"^[a-z]([0-9]+\.[0-9]+) \(build ([0-9]+)\)$");
if (!isnull(matches))
{
ver = matches[1];
build = int(matches[2]);
if (
(ver == "11.5" && build < 4235) ||
(ver == "11.1" && build < 3207) ||
# nb: QI82917 says there's no patch for 11.0; the solution is to
# upgrade to 11.1 and then apply QO84984.
(ver == "11.0") ||
# nb: QO84986 doesn't exist.
(ver == "10.5") ||
(ver == "9.0" && build < 2204)
)
{
# Issue a report for each open TCP port.
tcp_ports = make_list(
111, # Mediasvr service
6502, # Tape Engine
6503, # Message Engine
6504 # Message Engine
);
foreach port (tcp_ports)
{
# Make sure the port is open.
if (get_port_state(port) && service_is_unknown(port:port))
{
soc = open_sock_tcp(port);
if (soc)
{
close(soc);
security_hole(port);
}
}
}
udp_ports = make_list(
111 # Mediasvr service
);
foreach port (udp_ports)
{
security_hole(port:port, proto:"udp");
}
}
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ca | arcserve_backup | cpe:/a:ca:arcserve_backup |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5171
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5172
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6917
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0168
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0169
www.nessus.org/u?25216527
www.nessus.org/u?543ab108
www.nessus.org/u?e175e643
www.securityfocus.com/archive/1/456711/30/0/threaded
Related
securityvulns
securityvulns
nessus
nessus
cve
cve
prion
prion
Stack overflow
2007-04-25 20:19:00
Cross site request forgery (csrf)
2007-01-11 22:28:00
Buffer overflow
2007-01-11 22:28:00
checkpoint_advisories
checkpoint_advisories
saint
saint
BrightStor ARCserve Backup Tape Engine GetGroupStatus buffer overflow
2006-12-22 00:00:00
BrightStor ARCserve Backup Tape Engine ReserveGroup buffer overflow
2006-12-26 00:00:00
BrightStor ARCserve Backup Tape Engine GetGroupStatus buffer overflow
2006-12-22 00:00:00
cert
cert
Computer Associates BrightStor ARCserve Backup Tape Engine fails to properly handle RPC requests
2006-11-22 00:00:00
CA BrightStor ARCserve Backup Tape Engine directly calls user supplied data in RPC requests
2007-01-12 00:00:00
CA BrightStor ARCserve Backup Tape Engine RPC buffer overflow
2007-01-12 00:00:00
packetstorm
packetstorm
CA BrightStor ARCserve Tape Engine Buffer Overflow
2009-11-26 00:00:00
CA BrightStor ARCserve Message Engine Buffer Overflow
2009-11-26 00:00:00
zdi
zdi
CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability
2007-01-11 00:00:00
CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability
2007-01-11 00:00:00
CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability
2007-01-11 00:00:00
Related for ARCSERVE_QO84983.NASL