CVE-2007-3825

2007-07-1823:30:00

mitre

web.nvd.nist.gov

cve-2007-3825

buffer overflows

ca alert notification server

rpc

threat manager

brightstor arcserve

enterprise backup

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.108

Percentile

95.1%

JSON

Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures.

Affected configurations

Nvd

Node

broadcomalert_notification_server

broadcombrightstor_arcserve_backupMatch9.01

broadcombrightstor_arcserve_backupMatch11.1

broadcombrightstor_arcserve_backupMatch11.5

broadcombrightstor_enterprise_backupMatch10.5

caanti-virus_for_the_enterpriseMatch8enterprise

cabrightstor_arcserve_backupMatch11windows

cabrightstor_arcserve_clientwindows

caprotection_suitesMatchr3

cathreat_managerMatch8enterprise

VendorProductVersionCPE
broadcomalert_notification_server*cpe:2.3:a:broadcom:alert_notification_server:*:*:*:*:*:*:*:*
broadcombrightstor_arcserve_backup9.01cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
broadcombrightstor_arcserve_backup11.1cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
broadcombrightstor_arcserve_backup11.5cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
broadcombrightstor_enterprise_backup10.5cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*
caanti-virus_for_the_enterprise8cpe:2.3:a:ca:anti-virus_for_the_enterprise:8:*:enterprise:*:*:*:*:*
cabrightstor_arcserve_backup11cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*
cabrightstor_arcserve_client*cpe:2.3:a:ca:brightstor_arcserve_client:*:*:windows:*:*:*:*:*
caprotection_suitesr3cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*
cathreat_manager8cpe:2.3:a:ca:threat_manager:8:*:enterprise:*:*:*:*:*

Vendor	Product	Version	CPE
broadcom	alert_notification_server	*	cpe:2.3:a:broadcom:alert_notification_server::::::::
broadcom	brightstor_arcserve_backup	9.01	cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:::::::*
broadcom	brightstor_arcserve_backup	11.1	cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:::::::*
broadcom	brightstor_arcserve_backup	11.5	cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:::::::*
broadcom	brightstor_enterprise_backup	10.5	cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:::::::*
ca	anti-virus_for_the_enterprise	8	cpe:2.3:a:ca:anti-virus_for_the_enterprise:8::enterprise:::::
ca	brightstor_arcserve_backup	11	cpe:2.3:a:ca:brightstor_arcserve_backup:11::windows:::::
ca	brightstor_arcserve_client	*	cpe:2.3:a:ca:brightstor_arcserve_client:::windows:::::*
ca	protection_suites	r3	cpe:2.3:a:ca:protection_suites:r3:::::::*
ca	threat_manager	8	cpe:2.3:a:ca:threat_manager:8::enterprise:::::