CVE-2007-5003

Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599
http://research.eeye.com/html/advisories/published/AD20070920.html
http://secunia.com/advisories/25606	Vendor Advisory
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp	Patch
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006	Patch
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674	Patch
http://www.securityfocus.com/archive/1/480252/100/100/threaded
http://www.securityfocus.com/bid/24348
http://www.securitytracker.com/id?1018728

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:4.0:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1::::::
	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.5:::::::*
	cpe:2.3:a:broadcom:desktop_management_suite:11.0:::::::*
	cpe:2.3:a:broadcom:desktop_management_suite:11.1:::::::*
	cpe:2.3:a:broadcom:desktop_management_suite:11.2:::::::*
	cpe:2.3:a:ca:protection_suites:r2:::::::*

History

08 Apr 2021, 13:31

Type	Values Removed	Values Added
CPE	cpe:2.3:a:ca:desktop_management_suite:11.2:::::::* cpe:2.3:a:ca:desktop_management_suite:11.0:::::::* cpe:2.3:a:ca:desktop_management_suite:11.1:::::::*	cpe:2.3:a:broadcom:desktop_management_suite:11.1:::::::* cpe:2.3:a:broadcom:desktop_management_suite:11.2:::::::* cpe:2.3:a:broadcom:desktop_management_suite:11.0:::::::*

07 Apr 2021, 18:21

Type	Values Removed	Values Added
CPE	cpe:2.3:a:ca:brightstor_arcserve_backup_laptops_desktops:4.0:::::::* cpe:2.3:a:ca:brightstor_arcserve_backup_laptops_desktops:11.1:::::::* cpe:2.3:a:ca:brightstor_arcserve_backup_laptops_desktops:11.5:::::::* cpe:2.3:a:ca:brightstor_arcserve_backup_laptops_desktops:11.0:::::::* cpe:2.3:a:ca:brightstor_arcserve_backup_laptops_desktops:11.1:sp1::::::	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:4.0:::::::* cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1:::::: cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.5:::::::* cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:::::::* cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:::::::*

Information

Published : 2007-10-01 20:17

Updated : 2023-12-10 10:40

NVD link : CVE-2007-5003

Mitre link : CVE-2007-5003

CVE.ORG link : CVE-2007-5003

JSON object : View

Products Affected

broadcom

brightstor_arcserve_backup_laptops_desktops
desktop_management_suite

protection_suites

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

10.0 /10