Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:45503A76601FACFC0D9030D85D5CFB2C
HistoryNov 28, 2008 - 12:00 a.m.

CA ARCserve Backup for Laptops and Desktops LGServer password integer overflow

2008-11-2800:00:00
SAINT Corporation
my.saintcorporation.com
17

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.919 High

EPSS

Percentile

98.9%

JSON

Added: 11/28/2008
CVE: CVE-2007-5004
BID: 24348
OSVDB: 41352

Background

BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections.

Problem

An integer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted authentication password to the LGServer service.

Resolution

Apply the appropriate update referenced in the CA Security Notice.

References

<http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35675&gt;
<http://archives.neohapsis.com/archives/bugtraq/2007-09/0287.html&gt;

Limitations

Exploit works on CA ARCserve Backup for Laptops and Desktops 11.1 SP2.

This exploit does not work on Windows Server 2003 with DEP enabled.

Platforms

Windows 2000
Windows Server 2003

Related

prion 1
saint 3
cvelist 1
cve 1
checkpoint_advisories 2
nvd 1
securityvulns 2
seebug 1
nessus 1
prion
prion
Integer overflow
2007-10-01 20:17:00
saint
saint
CA ARCserve Backup for Laptops and Desktops LGServer password integer overflow
2008-11-28 00:00:00
CA ARCserve Backup for Laptops and Desktops LGServer password integer overflow
2008-11-28 00:00:00
CA ARCserve Backup for Laptops and Desktops LGServer password integer overflow
2008-11-28 00:00:00
cvelist
cvelist
CVE-2007-5004
2007-10-01 20:00:00
cve
cve
CVE-2007-5004
2007-10-01 20:17:00
checkpoint_advisories
checkpoint_advisories
CA BrightStor ARCServe Backup LGServer Auth Password Buffer Overflow (CVE-2007-5004)
2009-11-10 00:00:00
IPS-1 Protection Update for Various Enterprise Products (enterprisesoftware Version 1)
2007-10-24 00:00:00
nvd
nvd
CVE-2007-5004
2007-10-01 20:17:00
securityvulns
securityvulns
CA ARCServe Backup multiple security vulnerabilities
2007-09-24 00:00:00
[Full-disclosure] [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities
2007-09-24 00:00:00
seebug
seebug
CA ARCserve Backup多个远程溢出及目录遍历漏洞
2007-09-25 00:00:00
nessus
nessus
CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Remote Vulnerabilities
2013-08-13 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.919 High

EPSS

Percentile

98.9%

JSON
Related for SAINT:45503A76601FACFC0D9030D85D5CFB2C
prion1saint3cvelist1cve1checkpoint_advisories2nvd1securityvulns2seebug1nessus1