Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiLivesploit.comZDI-06-031
HistoryOct 05, 2006 - 12:00 a.m.

CA Multiple Product Message Engine RPC Server Code Execution Vulnerability

2006-10-0500:00:00
livesploit.com
www.zerodayinitiative.com
22

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.967 High

EPSS

Percentile

99.7%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup, Enterprise Backup, Server Protection Suite and Business Protection Suite. Authentication is not required to exploit this vulnerability. The problem specifically exists within ASCORE.dll, a DLL used by the Message Engine RPC server. This service exposes a heap overflow vulnerability through RPC opcode 43 (0x2b) and a stack overflow vulnerability through RPC opcode 45 (0x2d) on TCP port 6503 endpoint with ID dc246bf0-7a7a-11ce-9f88-00805fe43838. The flaws are exposed when passing long strings as the second parameter to either opcode.

Related

securityvulns 5
packetstorm 1
saint 8
zdi 1
checkpoint_advisories 3
cert 2
canvas 1
cve 1
nessus 2
securityvulns
securityvulns
[Full-disclosure] ZDI-06-030: CA Multiple Product Discovery Service Remote Buffer Overflow Vulnerability
2006-10-06 00:00:00
[Full-disclosure] ZDI-06-031: CA Multiple Product Message Engine RPC Server Code Execution Vulnerability
2006-10-06 00:00:00
[Full-disclosure] TSRT-06-11: CA Multiple Product DBASVR RPC Server Multiple Buffer Overflow Vulnerabilities
2006-10-06 00:00:00
packetstorm
packetstorm
CA BrightStor ARCserve Message Engine Heap Overflow
2009-10-30 00:00:00
saint
saint
BrightStor ARCserve Message Engine RPC server buffer overflow
2006-11-09 00:00:00
BrightStor ARCserve discovery service ASBRDCST.DLL buffer overflow
2006-10-19 00:00:00
BrightStor ARCserve discovery service ASBRDCST.DLL buffer overflow
2006-10-19 00:00:00
zdi
zdi
CA BrightStor ARCserve Discovery Service Remote Buffer Overflow Vulnerability
2006-10-05 00:00:00
checkpoint_advisories
checkpoint_advisories
CA Products Discovery Service Buffer Overflow (CVE-2006-5143)
2009-11-12 00:00:00
CA Products Message Engine RPC Server Opcode 45 Buffer Overflow (CVE-2006-5143)
2009-10-14 00:00:00
CA Products Message Engine RPC Server Opcode 43 Buffer Overflow (CVE-2006-5143)
2009-10-15 00:00:00
cert
cert
Computer Associates Discovery Service buffer overflow
2006-11-01 00:00:00
Computer Associates BrightStor ARCserv and Protection Suite products RPC buffer overflow vulnerabilities
2006-11-02 00:00:00
canvas
canvas
Immunity Canvas: BRIGHTSTOR_MESSAGE
2006-10-10 04:06:00
cve
cve
CVE-2006-5143
2006-10-10 04:06:00
nessus
nessus
CA BrightStor ARCserve Backup DBASVR for Windows Multiple Remote Buffer Overflows
2006-10-06 00:00:00
CA BrightStor ARCserve Backup for Windows Multiple Remote Buffer Overflows (QO81201)
2006-10-06 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.967 High

EPSS

Percentile

99.7%

JSON
Related for ZDI-06-031
securityvulns5packetstorm1saint8zdi1checkpoint_advisories3cert2canvas1cve1nessus2