Computer Security
[EN] securityvulns.ru no-pyccku


CA BrightStor ARCServe BackUp multiple security vulnerabilities
Published:12.10.2007
Source:
SecurityVulns ID:8243
Type:remote
Threat Level:
7/10
Description:TCP/6504 RPC-based requests processing multiple buffer overflows.
Affected:CA : Brightstor ARCserve Backup 11.1
 CA : Brightstor ARCserve Backup 11.0
 CA : BrightStor ARCserve Backup 10.5
 CA : BrightStor ARCserve Backup 9.01
 CA : Brightstor ARCserve Backup 11.5
CVE:CVE-2007-5332 (Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, have unknown impact and attack vectors related to memory corruption.)
 CVE-2007-5331 (Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers.)
 CVE-2007-5330 (The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to (1) execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and (2) trigger memory corruption related to the use of "handle" RPC arguments as pointers.)
 CVE-2007-5329 (Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption.)
 CVE-2007-5328 (CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code via a "Privileged function exposure.")
 CVE-2007-5327 (Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x10d opnum.)
 CVE-2007-5326 (Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2007-5325 (Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.)
Original documentdocumentEEYE, [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities (12.10.2007)
 documentEEYE, EEYE: CA BrightStor ArcServe Backup Server Arbitrary Pointer Dereference (12.10.2007)
 documenthfli, CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability (12.10.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod