Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2007-5330
Last Modified: 07 Mar 2011 10:00:31
Published: 12 Oct 2007 08:17:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-5330

Summary

The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to (1) execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and (2) trigger memory corruption related to the use of "handle" RPC arguments as pointers.

Vulnerable Systems

Application

  • CA BrightStor ARCserve Backup 10.5
  • CA BrightStor ARCserve Backup 11
  • CA BrightStor ARCserve Backup 11.1
  • CA BrightStor ARCserve Backup 11.5
  • CA BrightStor ARCserve Backup 9.01
  • CA BrightStor Enterprise Backup 10.5


References

CONFIRM - http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp

MISC - http://secunia.com/secunia_research/2007-62/advisory/

VUPEN - ADV-2007-3470

OSVDB - 41374

OSVDB - 41373

XF - ca-brightstor-rpc-code-execution(37070)

SECTRACK - 1018805

BID - 26015

BUGTRAQ - 20071011 [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities

SECUNIA - 27192


Last Updated: 27 May 2016 10:46:08