CVE-2007-0168
CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.
El servicio Tape Engine en Computer Associates (CA) BrightStor ARCserve Backup 9.01 hasta 11.5, Enterprise Backup 10.5, y CA Server/Business Protection Suite r2 permite a atacantes remotos ejecutar código de su elección mediante ciertos datos en opnum 0xBF en una petición RPC que es directamente ejecutada.
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Backup. User interaction is not required to exploit this vulnerability.
The specific flaw exists in the handling of RPC requests to the Tape Engine service which listens by default on TCP port 6502 with the following UUID:
62b93df0-8b02-11ce-876c-00805f842837
The handler function for RPC opnum 0xBF directly calls user-supplied data in the RPC request, resulting in trivial arbitrary code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-01-10 CVE Reserved
- 2007-01-11 CVE Published
- 2007-01-11 First Exploit
- 2024-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://livesploit.com/advisories/LS-20061002.pdf | X_refsource_misc | |
| http://osvdb.org/31327 | Vdb Entry | |
| http://secunia.com/advisories/23648 | Third Party Advisory | |
| http://securitytracker.com/id?1017506 | Vdb Entry | |
| http://www.kb.cert.org/vuls/id/662400 | Third Party Advisory |
|
| http://www.lssec.com/advisories/LS-20061002.pdf | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/456616/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/456637 | Mailing List | |
| http://www.securityfocus.com/archive/1/456711 | Mailing List | |
| http://www.securityfocus.com/bid/22010 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/0154 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31442 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/29444 | 2007-01-11 | |
| http://www.zerodayinitiative.com/advisories/ZDI-07-002.html | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp | 2021-04-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Broadcom Search vendor "Broadcom" | Brightstor Arcserve Backup Search vendor "Broadcom" for product "Brightstor Arcserve Backup" | <= 11.5 Search vendor "Broadcom" for product "Brightstor Arcserve Backup" and version " <= 11.5" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Brightstor Arcserve Backup Search vendor "Broadcom" for product "Brightstor Arcserve Backup" | 9.01 Search vendor "Broadcom" for product "Brightstor Arcserve Backup" and version "9.01" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Brightstor Enterprise Backup Search vendor "Broadcom" for product "Brightstor Enterprise Backup" | 10.5 Search vendor "Broadcom" for product "Brightstor Enterprise Backup" and version "10.5" | - |
Affected
| ||||||
| Broadcom Search vendor "Broadcom" | Business Protection Suite Search vendor "Broadcom" for product "Business Protection Suite" | 2.0 Search vendor "Broadcom" for product "Business Protection Suite" and version "2.0" | - |
Affected
| ||||||