Lucene search

MitreCVE-2007-5331

HistoryOct 13, 2007 - 12:17 a.m.

CVE-2007-5331

2007-10-1300:17:00

CWE-94

mitre

web.nvd.nist.gov

brightstor

arcserve

backup

remote code execution

vulnerability

cve-2007-5331

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.033

Percentile

91.4%

JSON

Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers.

Affected configurations

Nvd

Node

broadcombrightstor_arcserve_backupMatch9.01

broadcombrightstor_arcserve_backupMatch11.1

broadcombrightstor_arcserve_backupMatch11.5

broadcombrightstor_enterprise_backupMatch10.5

broadcombusiness_protection_suiteMatch2.0

broadcomserver_protection_suiteMatch2

cabrightstor_arcserve_backupMatch11windows

cabusiness_protection_suiteMatch2.0microsoft_small_business_server_premium

cabusiness_protection_suiteMatch2.0microsoft_small_business_server_standard

VendorProductVersionCPE
broadcombrightstor_arcserve_backup9.01cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
broadcombrightstor_arcserve_backup11.1cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
broadcombrightstor_arcserve_backup11.5cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
broadcombrightstor_enterprise_backup10.5cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*
broadcombusiness_protection_suite2.0cpe:2.3:a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*
broadcomserver_protection_suite2cpe:2.3:a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*
cabrightstor_arcserve_backup11cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*
cabusiness_protection_suite2.0cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_small_business_server_premium:*:*:*:*:*
cabusiness_protection_suite2.0cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_small_business_server_standard:*:*:*:*:*

Vendor	Product	Version	CPE
broadcom	brightstor_arcserve_backup	9.01	cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:::::::*
broadcom	brightstor_arcserve_backup	11.1	cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:::::::*
broadcom	brightstor_arcserve_backup	11.5	cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:::::::*
broadcom	brightstor_enterprise_backup	10.5	cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:::::::*
broadcom	business_protection_suite	2.0	cpe:2.3:a:broadcom:business_protection_suite:2.0:::::::*
broadcom	server_protection_suite	2	cpe:2.3:a:broadcom:server_protection_suite:2:::::::*
ca	brightstor_arcserve_backup	11	cpe:2.3:a:ca:brightstor_arcserve_backup:11::windows:::::
ca	business_protection_suite	2.0	cpe:2.3:a:ca:business_protection_suite:2.0::microsoft_small_business_server_premium:::::
ca	business_protection_suite	2.0	cpe:2.3:a:ca:business_protection_suite:2.0::microsoft_small_business_server_standard:::::

References

osvdb.org/41371

research.eeye.com/html/advisories/published/AD20071011.html

secunia.com/advisories/27192

supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp

www.securityfocus.com/archive/1/482114/100/0/threaded

www.securityfocus.com/archive/1/482121/100/0/threaded

www.securityfocus.com/bid/24680

www.securitytracker.com/id?1018805

www.vupen.com/english/advisories/2007/3470

exchange.xforce.ibmcloud.com/vulnerabilities/37071

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.033

Percentile

91.4%

JSON

Related for CVE-2007-5331