CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
99.4%
Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4) rxsSetMessageLogSettings, (5) rxsExportData, (6) rxsSetServerOptions, (7) rxsRenameFile, (8) rxsACIManageSend, (9) rxsExportUser, (10) rxsImportUser, (11) rxsMoveUserData, (12) rxsUseLicenseIni, (13) rxsLicGetSiteId, (14) rxsGetLogFileNames, (15) rxsGetBackupLog, (16) rxsBackupComplete, (17) rxsSetDataProtectionSecurityData, (18) rxsSetDefaultConfigName, (19) rxsGetMessageLogSettings, (20) rxsHWDiskGetTotal, (21) rxsHWDiskGetFree, (22) rxsGetSubDirs, (23) rxsGetServerDBPathName, (24) rxsSetServerOptions, (25) rxsDeleteFile, (26) rxsACIManageSend, (27) rxcReadBackupSetList, (28) rxcWriteConfigInfo, (29) rxcSetAssetManagement, (30) rxcWriteFileListForRestore, (31) rxcReadSaveSetProfile, (32) rxcInitSaveSetProfile, (33) rxcAddSaveSetNextAppList, (34) rxcAddSaveSetNextFilesPathList, (35) rxcAddNextBackupSetIncWildCard, (36) rxcGetRevisions, (37) rxrAddMovedUser, (38) rxrSetClientVersion, or (39) rxsSetDataGrowthScheduleAndFilter commands.
Vendor | Product | Version | CPE |
---|---|---|---|
broadcom | brightstor_arcserve_backup_laptops_desktops | 11.1 | cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:* |
labs.idefense.com/intelligence/vulnerabilities/display.php?id=599
osvdb.org/35329
research.eeye.com/html/advisories/published/AD20070920.html
research.eeye.com/html/advisories/upcoming/20070604.html
secunia.com/advisories/25606
supportconnectw.ca.com/public/sams/lifeguard/infodocs/bsabld-securitynotice.asp
supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp
www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006
www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35673
www.securityfocus.com/archive/1/480252/100/100/threaded
www.securityfocus.com/bid/24348
www.securitytracker.com/id?1018216
www.securitytracker.com/id?1018728
www.vupen.com/english/advisories/2007/2121
exchange.xforce.ibmcloud.com/vulnerabilities/34805
More