CVE-2007-5003

Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599
http://research.eeye.com/html/advisories/published/AD20070920.html
http://secunia.com/advisories/25606	Vendor Advisory
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp	Patch
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006	Patch
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674	Patch
http://www.securityfocus.com/archive/1/480252/100/100/threaded
http://www.securityfocus.com/bid/24348
http://www.securitytracker.com/id?1018728
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599
http://research.eeye.com/html/advisories/published/AD20070920.html
http://secunia.com/advisories/25606	Vendor Advisory
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp	Patch
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006	Patch
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674	Patch
http://www.securityfocus.com/archive/1/480252/100/100/threaded
http://www.securityfocus.com/bid/24348
http://www.securitytracker.com/id?1018728

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:4.0:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1::::::
	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.5:::::::*
	cpe:2.3:a:broadcom:desktop_management_suite:11.0:::::::*
	cpe:2.3:a:broadcom:desktop_management_suite:11.1:::::::*
	cpe:2.3:a:broadcom:desktop_management_suite:11.2:::::::*
	cpe:2.3:a:ca:protection_suites:r2:::::::*

History

21 Nov 2024, 00:36

Type	Values Removed	Values Added
References	~~() http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599 -~~	() http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599 -
References	~~() http://research.eeye.com/html/advisories/published/AD20070920.html -~~	() http://research.eeye.com/html/advisories/published/AD20070920.html -
References	~~() http://secunia.com/advisories/25606 - Vendor Advisory~~	() http://secunia.com/advisories/25606 - Vendor Advisory
References	~~() http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp - Patch~~	() http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp - Patch
References	~~() http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006 - Patch~~	() http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006 - Patch
References	~~() http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674 - Patch~~	() http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674 - Patch
References	~~() http://www.securityfocus.com/archive/1/480252/100/100/threaded -~~	() http://www.securityfocus.com/archive/1/480252/100/100/threaded -
References	~~() http://www.securityfocus.com/bid/24348 -~~	() http://www.securityfocus.com/bid/24348 -
References	~~() http://www.securitytracker.com/id?1018728 -~~	() http://www.securitytracker.com/id?1018728 -

Information

Published : 2007-10-01 20:17

Updated : 2024-11-21 00:36

NVD link : CVE-2007-5003

Mitre link : CVE-2007-5003

CVE.ORG link : CVE-2007-5003

JSON object : View

Products Affected

protection_suites

broadcom

brightstor_arcserve_backup_laptops_desktops
desktop_management_suite

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2007-5003", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-10-01T20:17:00.000", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599", "source": "cve@mitre.org"}, {"url": "http://research.eeye.com/html/advisories/published/AD20070920.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25606", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/480252/100/100/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24348", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018728", "source": "cve@mitre.org"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://research.eeye.com/html/advisories/published/AD20070920.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/25606", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/480252/100/100/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/24348", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1018728", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basado en pila en CA (Computer Associates) BrightStor ARCserve Backup para Port\u00e1til y Sobremesa r11.0 hasta r11.5 permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un (1) nombre de usuario \u00f3 (2) contrase\u00f1a largos en el comando rxrLogin de rxRPC.dll, \u00f3 un (3) argumento nombre de usuario largo en la funci\u00f3n GetUserInfo."}], "lastModified": "2024-11-21T00:36:55.120", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "261A513C-CBD4-4A1C-B58A-A9005774EC87"}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FB993B2-9A44-40E2-AA05-0CAD04BDC26D"}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7461AE5-2067-4964-93B7-560CD02CEAC8"}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DAE8E8B-7FD6-43CB-B07A-6D3B31E94DC9"}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B9C97C1-D295-4A84-B179-3FDF51DE1DD9"}, {"criteria": "cpe:2.3:a:broadcom:desktop_management_suite:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "237F2346-0B9B-4CE8-8EF9-813CB3F1BC1B"}, {"criteria": "cpe:2.3:a:broadcom:desktop_management_suite:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22268F99-2F38-481D-A0CC-B1FC96FDB953"}, {"criteria": "cpe:2.3:a:broadcom:desktop_management_suite:11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6195AFF-0039-4F48-9E02-ACE8CF052EA8"}, {"criteria": "cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47C10BA4-B241-4F65-8FA1-AD88266C03B0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

10.0 /10