Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0
CVE Id CVE-2007-5328
Last Modified 07 Mar 2011 10:00:30
Published 12 Oct 2007 08:17:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5328

Summary

The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" to modify the file system and registry, aka "Privileged function exposure."

Vulnerable Systems

Application

  • CA BrightStor ARCserve Backup 10.5

  • CA BrightStor ARCserve Backup 11

  • CA BrightStor ARCserve Backup 11.1

  • CA BrightStor ARCserve Backup 11.5

  • CA BrightStor ARCserve Backup 9.01

  • CA BrightStor Enterprise Backup 10.5


References

CONFIRM - http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp

XF - ca-brightstor-unspecified-security-bypass(37067)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-07-069.html

VUPEN - ADV-2007-3470

SECTRACK - 1018805

BID - 26015

BUGTRAQ - 20071126 ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability

BUGTRAQ - 20071011 [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities

SECUNIA - 27192


Last Updated: 27 May 2016 10:46:08