CVE-2006-5143 – CA Multiple Product Message Engine RPC Server Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2006-5143
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service. Múltiples desbordamientos de búfer basado en montón en CA BrightStor ARCserve Backup r11.5 SP1 y anteriores, r11.1, y 9.01; BrightStor ARCServe Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; y Buisiness Protection Suite r2 permiten a un atacante remoto ejecutar código de su elección mediante datos manipulados en el puerto TCP 6071 para el Backup Agent RPC Server (DBASVR.exe) utilizando rutinas RPC con códigos de operación (opcode) (1) 0x01, (2) 0x02, y (3) 0x18; datos de cabo (stub) inválidos en el puerto TCP 6503 para las rutinas RPC con códigos de operación (4)0x2b o (5) 0x2d en ASCORE.dll en el Message Engine RPC Server (msgeng.exe); (6) un nombre de anfitrión (hostname ) largo en el puerto TCP 41523 para ASBRDCST.DLL en el Discovery Service (casdscsvc.exe); o vectores no especificados relacionados con el (7) Job Engine Service. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup, Enterprise Backup, Server Protection Suite and Business Protection Suite. Authentication is not required to exploit this vulnerability. The problem specifically exists within ASCORE.dll, a DLL used by the Message Engine RPC server. This service exposes a heap overflow vulnerability through RPC opcode 43 (0x2b) and a stack overflow vulnerability through RPC opcode 45 (0x2d) on TCP port 6503 endpoint with ID dc246bf0-7a7a-11ce-9f88-00805fe43838. • https://www.exploit-db.com/exploits/3495 https://www.exploit-db.com/exploits/16401 https://www.exploit-db.com/exploits/28765 https://www.exploit-db.com/exploits/28766 http://secunia.com/advisories/22285 http://securitytracker.com/id?1017003 http://securitytracker.com/id?1017004 http://securitytracker.com/id?1017005 http://securitytracker.com/id?1017006 http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp http://www.kb.cert.org/vuls/id/361792 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2005-2535 – CA BrightStor ARCserve Backup - Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2005-2535
Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9.0 through 11.1 allows remote attackers to execute arbitrary commands via a large packet to TCP port 41523, a different vulnerability than CVE-2005-0260. • https://www.exploit-db.com/exploits/815 https://www.exploit-db.com/exploits/16408 http://archives.neohapsis.com/archives/bugtraq/2005-02/0123.html http://archives.neohapsis.com/archives/bugtraq/2005-02/0141.html http://archives.neohapsis.com/archives/bugtraq/2005-02/0201.html http://secunia.com/advisories/14293 http://www.kb.cert.org/vuls/id/966880 http://www.osvdb.org/13814 http://www.securityfocus.com/bid/12536 http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx •
CVE-2005-1693
https://notcve.org/view.php?id=CVE-2005-1693
Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet Antivirus, Zonelabs ZoneAlarm Security Suite, and ZoneAlarm Antivirus, allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1, which leads to a heap-based buffer overflow. • http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=1588 http://marc.info/?l=bugtraq&m=111686576416450&w=2 http://secunia.com/advisories/15470 http://secunia.com/advisories/15479 http://securitytracker.com/id?1014050 http://www.rem0te.com/public/images/vet.pdf http://www.securityfocus.com/bid/13710 http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32896 •
CVE-2004-1096 – Multiple AntiVirus - '.zip' Detection Bypass
https://notcve.org/view.php?id=CVE-2004-1096
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. El módulo Perl Archive::Zip anterior a 1.14, cuando se usa en programas antivirus como amavisd-new, permite a atacantes remotos saltarse la protección del antivirus mediante un ficheros comprimido con cabeceras globales y locales establecido a cero, lo que no impide que el fichero comprimido sea abierto en un sistema objetivo. • https://www.exploit-db.com/exploits/629 http://secunia.com/advisories/13038 http://www.gentoo.org/security/en/glsa/glsa-200410-31.xml http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true http://www.kb.cert.org/vuls/id/492545 http://www.mandriva.com/security/advisories?name=MDKSA-2004:118 http://www.securityfocus.com/bid/11448 https://exchange.xforce.ibmcloud.com/vulnerabilities/17761 •
CVE-2004-0933 – Multiple AntiVirus - '.zip' Detection Bypass
https://notcve.org/view.php?id=CVE-2004-0933
Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. • https://www.exploit-db.com/exploits/629 http://supportconnectw.ca.com/public/ca_common_docs/arclib_vuln.asp http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true http://www.securityfocus.com/bid/11448 https://exchange.xforce.ibmcloud.com/vulnerabilities/17761 •