Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiTenable Network SecurityZDI-07-003
HistoryJan 11, 2007 - 12:00 a.m.

CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability

2007-01-1100:00:00
Tenable Network Security
www.zerodayinitiative.com
11

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.943 High

EPSS

Percentile

99.2%

JSON

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup. User interaction is not required to exploit this vulnerability. The specific flaws exists in the Message Engine RPC service which listens by default on TCP ports 6503 and 6504 with the following UUIDs: dc246bf0-7a7a-11ce-9f88-00805fe43838 506b1890-14c8-11d1-bbc3-00805fa6962e The service exposes buffer overflow vulnerabilities in the handlers for RPC opnums 0x2F and 0x75 that allow for arbitrary code execution when handling user-supplied data from the RPC request.

Related

saint 12
securityvulns 4
cve 1
checkpoint_advisories 3
packetstorm 1
zdi 1
prion 1
cert 2
nessus 2
saint
saint
BrightStor ARCserve Message Engine opnum 0x2f buffer overflow
2007-01-19 00:00:00
BrightStor ARCserve Backup Tape Engine opnum 0xCF buffer overflow
2007-02-09 00:00:00
BrightStor ARCserve Message Engine opnum 0x75 buffer overflow
2007-01-24 00:00:00
securityvulns
securityvulns
ZDI-07-003: CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability
2007-01-12 00:00:00
ZDI-07-004: CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability
2007-01-12 00:00:00
[CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities
2007-01-12 00:00:00
cve
cve
CVE-2007-0169
2007-01-11 22:28:00
checkpoint_advisories
checkpoint_advisories
CA BrightStor ARCserve Backup Message Engine Opcode 47 Buffer Overflow (CVE-2007-0169)
2009-10-12 00:00:00
CA BrightStor ARCserve Backup Message Engine Opcode 117 Buffer Overflow (CVE-2007-0169)
2009-10-13 00:00:00
CA BrightStor ARCserve Backup Tape Engine RPC Opcode 207 Buffer Overflow (CVE-2007-0169)
2010-08-29 00:00:00
packetstorm
packetstorm
CA BrightStor ARCserve Message Engine Buffer Overflow
2009-11-26 00:00:00
zdi
zdi
CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability
2007-01-11 00:00:00
prion
prion
Buffer overflow
2007-01-11 22:28:00
cert
cert
CA BrightStor ARCserve Backup Tape Engine RPC buffer overflow
2007-01-12 00:00:00
CA BrightStor ARCserve Backup Message Engine RPC buffer overflow
2007-01-12 00:00:00
nessus
nessus
CA BrightStor ARCserve Backup Tape Engine Multiple Remote Overflows (QO84983)
2007-01-12 00:00:00
CA BrightStor ARCserve Backup Multiple Vulnerabilities (QO84983)
2007-01-15 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.943 High

EPSS

Percentile

99.2%

JSON
Related for ZDI-07-003
saint12securityvulns4cve1checkpoint_advisories3packetstorm1zdi1prion1cert2nessus2