CVE-2007-0168 – CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2007-0168
The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed. El servicio Tape Engine en Computer Associates (CA) BrightStor ARCserve Backup 9.01 hasta 11.5, Enterprise Backup 10.5, y CA Server/Business Protection Suite r2 permite a atacantes remotos ejecutar código de su elección mediante ciertos datos en opnum 0xBF en una petición RPC que es directamente ejecutada. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the handling of RPC requests to the Tape Engine service which listens by default on TCP port 6502 with the following UUID: 62b93df0-8b02-11ce-876c-00805f842837 The handler function for RPC opnum 0xBF directly calls user-supplied data in the RPC request, resulting in trivial arbitrary code execution. • https://www.exploit-db.com/exploits/29444 http://livesploit.com/advisories/LS-20061002.pdf http://osvdb.org/31327 http://secunia.com/advisories/23648 http://securitytracker.com/id?1017506 http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp http://www.kb.cert.org/vuls/id/662400 http://www.lssec.com/advisories/LS-20061002.pdf http://www.securityfocus.com/archive/1/456616/100/0/threaded http://www.securityfocus.com/archive/1/456637 http://www.secur •
CVE-2007-0169 – CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-0169
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service. Unos desbordamientos de búfer múltiples en Computer Associates (CA) BrightStor ARCserve Backup versión 9.01 hasta versión 11.5, Enterprise Backup versión 10.5 y CA Server/Business Protection Suite r2, permiten a los atacantes remotos ejecutar código arbitrario por medio de peticiones RPC con datos creados para opnums (1) 0x2F y (2) 0x75 en (a) el servicio RPC del Motor Message, o opnum (3) 0xCF en el servicio del Motor Tape. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the Tape Engine RPC service which listens by default on TCP port 6503 with the following UUID: 2b93df0-8b02-11ce-876c-00805f842837 The service exposes a buffer overflow in the handler for RPC opnum 0xCF that allows for arbitrary code execution when handling user-supplied data from the RPC request. • https://www.exploit-db.com/exploits/16418 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=467 http://osvdb.org/31327 http://secunia.com/advisories/23648 http://securitytracker.com/id?1017506 http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp http://www.kb.cert.org/vuls/id/151032 http://www.kb.cert.org/vuls/id/180336 http://www.securityfocus.com/archive/1/456618/100/0/threaded http://www.securityfocus.com/archive/1/456619/100 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-6076 – CA BrightStor ARCserve - Tape Engine Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-6076
Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502. Desbordamiento de búfer en Tape Engine (tapeeng.exe) en Computer Associates BrightStor ARCserve Backup 11.5 permite a un atacante remoto ejecutar código de su elección a través de ciertas RPC al puerto TCP 6502. • https://www.exploit-db.com/exploits/16407 http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050808.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050814.html http://secunia.com/advisories/23060 http://secunia.com/advisories/24512 http://securitytracker.com/id?1017268 http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp http://www.kb.cert.org/vuls/id/437300 http://www.securityfocus.com/archive/1/452222/100/0/threaded •
CVE-2006-5143 – CA Multiple Product Message Engine RPC Server Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2006-5143
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service. Múltiples desbordamientos de búfer basado en montón en CA BrightStor ARCserve Backup r11.5 SP1 y anteriores, r11.1, y 9.01; BrightStor ARCServe Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; y Buisiness Protection Suite r2 permiten a un atacante remoto ejecutar código de su elección mediante datos manipulados en el puerto TCP 6071 para el Backup Agent RPC Server (DBASVR.exe) utilizando rutinas RPC con códigos de operación (opcode) (1) 0x01, (2) 0x02, y (3) 0x18; datos de cabo (stub) inválidos en el puerto TCP 6503 para las rutinas RPC con códigos de operación (4)0x2b o (5) 0x2d en ASCORE.dll en el Message Engine RPC Server (msgeng.exe); (6) un nombre de anfitrión (hostname ) largo en el puerto TCP 41523 para ASBRDCST.DLL en el Discovery Service (casdscsvc.exe); o vectores no especificados relacionados con el (7) Job Engine Service. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup, Enterprise Backup, Server Protection Suite and Business Protection Suite. Authentication is not required to exploit this vulnerability. The problem specifically exists within ASCORE.dll, a DLL used by the Message Engine RPC server. This service exposes a heap overflow vulnerability through RPC opcode 43 (0x2b) and a stack overflow vulnerability through RPC opcode 45 (0x2d) on TCP port 6503 endpoint with ID dc246bf0-7a7a-11ce-9f88-00805fe43838. • https://www.exploit-db.com/exploits/3495 https://www.exploit-db.com/exploits/16401 https://www.exploit-db.com/exploits/28765 https://www.exploit-db.com/exploits/28766 http://secunia.com/advisories/22285 http://securitytracker.com/id?1017003 http://securitytracker.com/id?1017004 http://securitytracker.com/id?1017005 http://securitytracker.com/id?1017006 http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp http://www.kb.cert.org/vuls/id/361792 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2005-2535 – CA BrightStor ARCserve Backup - Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2005-2535
Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9.0 through 11.1 allows remote attackers to execute arbitrary commands via a large packet to TCP port 41523, a different vulnerability than CVE-2005-0260. • https://www.exploit-db.com/exploits/815 https://www.exploit-db.com/exploits/16408 http://archives.neohapsis.com/archives/bugtraq/2005-02/0123.html http://archives.neohapsis.com/archives/bugtraq/2005-02/0141.html http://archives.neohapsis.com/archives/bugtraq/2005-02/0201.html http://secunia.com/advisories/14293 http://www.kb.cert.org/vuls/id/966880 http://www.osvdb.org/13814 http://www.securityfocus.com/bid/12536 http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx •