CVE-2007-3216
CA BrightStor ARCserve for Laptops and Desktops LGServer rxsSetDataGrowthScheduleAndFilter Buffer Overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
6Exploited in Wild
-Decision
Descriptions
Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4) rxsSetMessageLogSettings, (5) rxsExportData, (6) rxsSetServerOptions, (7) rxsRenameFile, (8) rxsACIManageSend, (9) rxsExportUser, (10) rxsImportUser, (11) rxsMoveUserData, (12) rxsUseLicenseIni, (13) rxsLicGetSiteId, (14) rxsGetLogFileNames, (15) rxsGetBackupLog, (16) rxsBackupComplete, (17) rxsSetDataProtectionSecurityData, (18) rxsSetDefaultConfigName, (19) rxsGetMessageLogSettings, (20) rxsHWDiskGetTotal, (21) rxsHWDiskGetFree, (22) rxsGetSubDirs, (23) rxsGetServerDBPathName, (24) rxsSetServerOptions, (25) rxsDeleteFile, (26) rxsACIManageSend, (27) rxcReadBackupSetList, (28) rxcWriteConfigInfo, (29) rxcSetAssetManagement, (30) rxcWriteFileListForRestore, (31) rxcReadSaveSetProfile, (32) rxcInitSaveSetProfile, (33) rxcAddSaveSetNextAppList, (34) rxcAddSaveSetNextFilesPathList, (35) rxcAddNextBackupSetIncWildCard, (36) rxcGetRevisions, (37) rxrAddMovedUser, (38) rxrSetClientVersion, or (39) rxsSetDataGrowthScheduleAndFilter commands.
Múltiples desbordamientos de búfer en el componente LGServer de CA (Computer Associates) BrightStor ARCserve Backup para equipos Laptops y Desktops versión r11.1 permiten a los atacantes remotos ejecutar código arbitrario por medio de argumentos elaborados a los comandos (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4) rxsSetMessageLogSettings, (5) rxsExportData, (6) rxsSetServerOptions, (7) rxsRenameFile, (8) rxsACIManageSend, (9) rxsExportUser, (10) rxsImportUser, (11) rxsMoveUserData, (12) rxsUseLicenseIni, (13) rxsLicGetSiteId, (14) rxsGetLogFileNames, (15) rxsGetBackupLog, (16) rxsBackupComplete, (17) rxsSetDataProtectionSecurityData, (18) rxsSetDefaultConfigName, (19) rxsGetMessageLogSettings, (20) rxsHWDiskGetTotal, (21) rxsHWDiskGetFree, (22) rxsGetSubDirs, (23) rxsGetServerDBPathName, (24) rxsSetServerOptions, (25) rxsDeleteFile, (26) rxsACIManageSend, (27) rxcReadBackupSetList, (28) rxcWriteConfigInfo, (29) rxcSetAssetManagement, (30) rxcWriteFileListForRestore, (31) rxcReadSaveSetProfile, (32) rxcInitSaveSetProfile, (33) rxcAddSaveSetNextAppList, (34) rxcAddSaveSetNextFilesPathList, (35) rxcAddNextBackupSetIncWildCard, (36) rxcGetRevisions, (37) rxrAddMovedUser, (38) rxrSetClientVersion o (39) rxsSetDataScheduleYFilterAndFilter.
Remote exploitation of multiple buffer overflow vulnerabilities in Computer Associates Inc.'s ARCServe Backup for Laptops and Desktops allows attackers to execute arbitrary code with SYSTEM privileges. The LGServer contains multiple vulnerable functions that handle network requests, several of which contain more than one vulnerability. All together there are nearly 60 buffer overflows in the LGServer. The majority of these are the result of copying remotely supplied strings into fixed-size buffers without validating that enough space is available. iDefense has confirmed the existence of these vulnerabilities in ARCServe Backup for Laptops and Desktops version 11.1 (Build 900) for Windows. Other versions may also be affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-06-14 CVE Reserved
- 2007-06-14 CVE Published
- 2009-11-26 First Exploit
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (21)
| URL | Tag | Source |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599 | Third Party Advisory | |
| http://osvdb.org/35329 | Vdb Entry | |
| http://research.eeye.com/html/advisories/published/AD20070920.html | Third Party Advisory | |
| http://research.eeye.com/html/advisories/upcoming/20070604.html | X_refsource_misc | |
| http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/bsabld-securitynotice.asp | X_refsource_confirm | |
| http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/480252/100/100/threaded | Mailing List | |
| http://www.securityfocus.com/bid/24348 | Vdb Entry | |
| http://www.securitytracker.com/id?1018216 | Vdb Entry | |
| http://www.securitytracker.com/id?1018728 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34805 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/83135 | 2009-11-26 | |
| https://packetstorm.news/files/id/95523 | 2010-11-05 | |
| https://packetstorm.news/files/id/95525 | 2010-11-05 | |
| https://www.exploit-db.com/exploits/16415 | 2016-10-27 | |
| https://www.exploit-db.com/exploits/16416 | 2011-03-10 | |
| https://www.exploit-db.com/exploits/16409 | 2011-03-10 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/25606 | 2021-04-07 | |
| http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006 | 2021-04-07 | |
| http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35673 | 2021-04-07 | |
| http://www.vupen.com/english/advisories/2007/2121 | 2021-04-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Broadcom Search vendor "Broadcom" | Brightstor Arcserve Backup Laptops Desktops Search vendor "Broadcom" for product "Brightstor Arcserve Backup Laptops Desktops" | 11.1 Search vendor "Broadcom" for product "Brightstor Arcserve Backup Laptops Desktops" and version "11.1" | - |
Affected
| ||||||