Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5331

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2007-5331
Last Modified 07 Mar 2011 12:00:00
Published 12 Oct 2007 08:17:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5331

Summary

Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers.

Vulnerable Systems

Application

  • Ca Brightstor Arcserve Backup 11

  • Ca Brightstor Arcserve Backup 11.1

  • Ca Brightstor Arcserve Backup 11.5

  • Ca Brightstor Arcserve Backup 9.01

  • Ca Brightstor Enterprise Backup 10.5

  • Ca Business Protection Suite 2.0

  • Ca Server Protection Suite 2


References

CONFIRM - http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp

XF - ca-brightstor-lqserver-code-execution(37071)

VUPEN - ADV-2007-3470

SECTRACK - 1018805

BID - 24680

BUGTRAQ - 20071011 [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities

BUGTRAQ - 20071011 EEYE: CA BrightStor ArcServe Backup Server Arbitrary Pointer Dereference

SECUNIA - 27192

EEYE - AD20071011

OSVDB - 41371


Last Updated: 27 May 2016 10:46:08