[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

252097

 
 

909

 
 

196747

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-0168Date: (C)2007-01-11   (M)2023-12-22


The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1017506
http://www.securityfocus.com/archive/1/456637
http://www.securityfocus.com/archive/1/456616/100/0/threaded
20070111
http://www.securityfocus.com/archive/1/456711
BID-22010
SECUNIA-23648
OSVDB-31327
ADV-2007-0154
VU#662400
brightstor-tapeengine-code-execution(31442)
http://livesploit.com/advisories/LS-20061002.pdf
http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp
http://www.lssec.com/advisories/LS-20061002.pdf
http://www.zerodayinitiative.com/advisories/ZDI-07-002.html

CPE    2
cpe:/a:broadcom:business_protection_suite:2.0
cpe:/a:broadcom:brightstor_enterprise_backup:10.5

© SecPod Technologies