CVE-2007-5005

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-5005
Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://research.eeye.com/html/advisories/published/AD20070920.html
http://secunia.com/advisories/25606 Patch Vendor Advisory
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp Patch
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006 Patch
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35676 Patch
http://www.securityfocus.com/archive/1/480252/100/100/threaded
http://www.securityfocus.com/bid/24348
http://www.securitytracker.com/id?1018728
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:4.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:desktop_management_suite:11.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:desktop_management_suite:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:desktop_management_suite:11.2:*:*:*:*:*:*:*
cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*
History

08 Apr 2021, 13:31

Type Values Removed Values Added
CPE cpe:2.3:a:ca:desktop_management_suite:11.2:*:*:*:*:*:*:*
cpe:2.3:a:ca:desktop_management_suite:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:desktop_management_suite:11.1:*:*:*:*:*:*:*		 cpe:2.3:a:broadcom:desktop_management_suite:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:desktop_management_suite:11.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:desktop_management_suite:11.0:*:*:*:*:*:*:*

07 Apr 2021, 18:21

Type Values Removed Values Added
CPE cpe:2.3:a:ca:brightstor_arcserve_backup_laptops_desktops:4.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*
cpe:2.3:a:ca:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*
cpe:2.3:a:ca:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:brightstor_arcserve_backup_laptops_desktops:11.1:sp1:*:*:*:*:*:*		 cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:4.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*
Information

Published : 2007-10-01 20:17

Updated : 2023-12-10 10:40

NVD link : CVE-2007-5005

Mitre link : CVE-2007-5005

CVE.ORG link : CVE-2007-5005

JSON object : View

Products Affected

ca

  • protection_suites

broadcom

  • desktop_management_suite
  • brightstor_arcserve_backup_laptops_desktops
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')