CVE-2006-5171

Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/31319
http://secunia.com/advisories/23648
http://securitytracker.com/id?1017506
http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp	Patch Vendor Advisory
http://www.iss.net/threats/252.html	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/456711
http://www.securityfocus.com/bid/22015
http://www.vupen.com/english/advisories/2007/0154
https://exchange.xforce.ibmcloud.com/vulnerabilities/29343

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:broadcom:brightstor_arcserve_backup::::::::
	cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:::::::*
	cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:::::::*
	cpe:2.3:a:ca:protection_suites:r2:::::::*

History

07 Apr 2021, 18:20

Type	Values Removed	Values Added
CPE	cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:::::::* cpe:2.3:a:ca:brightstor_arcserve_backup:::::::: cpe:2.3:a:ca:brightstor_arcserve_backup:9.01:::::::*	cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:::::::* cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:::::::* cpe:2.3:a:broadcom:brightstor_arcserve_backup::::::::

Information

Published : 2007-01-16 20:28

Updated : 2023-12-10 10:40

NVD link : CVE-2006-5171

Mitre link : CVE-2006-5171

CVE.ORG link : CVE-2006-5171

JSON object : View

Products Affected

ca

protection_suites

broadcom

brightstor_arcserve_backup
brightstor_enterprise_backup

CWE

NVD-CWE-Other

{"id": "CVE-2006-5171", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-01-16T20:28:00.000", "references": [{"url": "http://osvdb.org/31319", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23648", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017506", "source": "cve@mitre.org"}, {"url": "http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/threats/252.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/456711", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22015", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0154", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29343", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the \"Mediasvr.exe Overflow,\" a different vulnerability than CVE-2006-5172."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el interfaz RPC en Mediasvr.exe en Computer Associates (CA) Brightstor ARCserve Backup 9.01 hasta 11.5, Enterprise Backup 10.5, y CA Protection Suites r2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante paquetes SUNRPC manipulados, tambi\u00e9n conocido como el \"Desbordamiento Mediasvr.exe\" una vulnerabilidad distinta a CVE-2006-5172."}], "lastModified": "2021-04-07T18:20:52.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A72E07D-2997-46CF-847F-899CB60FC771", "versionEndIncluding": "11.5"}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14"}, {"criteria": "cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78AA54EA-DAF1-4635-AA1B-E2E49C4BB597"}, {"criteria": "cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47C10BA4-B241-4F65-8FA1-AD88266C03B0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}