CVE-2007-5331
https://notcve.org/view.php?id=CVE-2007-5331
Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers. La biblioteca Queue.dll para el servicio de colas de mensajes (LQserver.exe) en CA BrightStor ARCServe BackUp versión v9.01 hasta R11.5, y Enterprise Backup r10.5, permite a atacantes remotos ejecutar código arbitrario por medio de una petición de protocolo ONRPC malformada para la operación 0x76, lo que hace que ARCserve Backup elimine la referencia de punteros arbitrarios. • http://osvdb.org/41371 http://research.eeye.com/html/advisories/published/AD20071011.html http://secunia.com/advisories/27192 http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp http://www.securityfocus.com/archive/1/482114/100/0/threaded http://www.securityfocus.com/archive/1/482121/100/0/threaded http://www.securityfocus.com/bid/24680 http://www.securitytracker.com/id?1018805 http://www.vupen.com/english/advisories/2007/3470 https://exchange.xforce.ibmcloud • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2007-5329
https://notcve.org/view.php?id=CVE-2007-5329
Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption. Vulnerabilidad sin especificar en el dbasvr del CA BrightStor ARCServe BackUp v9.01 hasta la R11.5 y el Enterprise Backup r10.5, tiene un impacto desconocido y vectores de ataque relacionados con la corrupción de memoria. • http://osvdb.org/41372 http://secunia.com/advisories/27192 http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp http://www.securityfocus.com/archive/1/482121/100/0/threaded http://www.securityfocus.com/bid/26015 http://www.securitytracker.com/id?1018805 http://www.vupen.com/english/advisories/2007/3470 https://exchange.xforce.ibmcloud.com/vulnerabilities/37068 • CWE-399: Resource Management Errors •
CVE-2007-5326
https://notcve.org/view.php?id=CVE-2007-5326
Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors. Múltiples desbordamientos de búfer en (1) RPC y (2) rpcx.dll de CA BrightStor ARCServer BackUp v9.01 hasta R11.5, y Enterprise Backup r10.5, permiten a atacantes remotos ejecutar código de su elección a través de vectores no especificados. • http://osvdb.org/41368 http://secunia.com/advisories/27192 http://secunia.com/secunia_research/2007-49/advisory http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp http://www.securityfocus.com/archive/1/482121/100/0/threaded http://www.securityfocus.com/bid/26015 http://www.securitytracker.com/id?1018805 http://www.vupen.com/english/advisories/2007/3470 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-2139 – CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-2139
Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785. Múltiple desbordamiento de búfer basado en pila en el servicio SUN RPC del CA (antiguamente Computer Associates) BrightStor ARCserve Media Server, como el utilizado en el BrightStor ARCserve Backup 9.01 hasta la 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2 y Business Protection Suite 2, permite a atacantes remotos ejecutar código de su elección a través de cadenas RPC mal formadas. Vulnerabilidad diferente a las CVE-2006-5171, CVE-2006-5172 y CVE-2007-1785. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Media Server. User interaction is not required to exploit this vulnerability. The specific flaw exists in the SUN RPC service which binds to a randomly chosen high TCP port. • https://www.exploit-db.com/exploits/16413 http://osvdb.org/35326 http://secunia.com/advisories/24972 http://securityreason.com/securityalert/2628 http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp http://www.kb.cert.org/vuls/id/979825 http://www.securityfocus.com/archive/1/466790/100/0/threaded http://www.securityfocus.com/bid/23635 http://www.securitytracker.com/id?1017952 http://www.vupen.com/english/advisories/2007/1529 http://www.zerodayinitiat •
CVE-2007-0673
https://notcve.org/view.php?id=CVE-2007-0673
LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops r11.1 allows remote attackers to cause a denial of service (daemon crash) via a value of 0xFFFFFFFF at a certain point in an authentication negotiation packet, which results in an out-of-bounds read. El archivo LGSERVER.EXE en BrightStor ARCserve Backup para Ordenadores Portátiles y de Escritorio versión r11.1 permite a los atacantes remotos causar una denegación de servicio (bloqueo del demonio) por medio de un valor de 0xFFFFFFFF en un determinado punto en un paquete de negociación de autenticación, resultando en una lectura fuera de límites. • http://osvdb.org/32948 http://securityreason.com/securityalert/2218 http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp http://www.securityfocus.com/archive/1/458650/100/0/threaded http://www.securityfocus.com/bid/22337 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •