cvelistv5 - CVE-2007-5003

CVE-2007-5003 (GCVE-0-2007-5003)

Vulnerability from cvelistv5 – Published: 2007-10-01 20:00 – Updated: 2024-08-07 15:17

Summary

Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/24348	vdb-entryx_refsource_BID
	http://www.ca.com/us/securityadvisor/vulninfo/vul…	x_refsource_CONFIRM
	http://secunia.com/advisories/25606	third-party-advisoryx_refsource_SECUNIA
	http://labs.idefense.com/intelligence/vulnerabili…	third-party-advisoryx_refsource_IDEFENSE
	http://www.ca.com/us/securityadvisor/newsinfo/col…	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/480252/100…	mailing-listx_refsource_BUGTRAQ
	http://supportconnectw.ca.com/public/sams/lifegua…	x_refsource_CONFIRM
	http://research.eeye.com/html/advisories/publishe…	third-party-advisoryx_refsource_EEYE
	http://www.securitytracker.com/id?1018728	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:17:28.199Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "24348",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24348"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674"
          },
          {
            "name": "25606",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25606"
          },
          {
            "name": "20070920 CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006"
          },
          {
            "name": "20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/480252/100/100/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp"
          },
          {
            "name": "20070920 Multiple Vulnerabilities in CA ARCserve for Laptops \u0026 Desktops",
            "tags": [
              "third-party-advisory",
              "x_refsource_EEYE",
              "x_transferred"
            ],
            "url": "http://research.eeye.com/html/advisories/published/AD20070920.html"
          },
          {
            "name": "1018728",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018728"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "24348",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24348"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674"
        },
        {
          "name": "25606",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25606"
        },
        {
          "name": "20070920 CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006"
        },
        {
          "name": "20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/480252/100/100/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp"
        },
        {
          "name": "20070920 Multiple Vulnerabilities in CA ARCserve for Laptops \u0026 Desktops",
          "tags": [
            "third-party-advisory",
            "x_refsource_EEYE"
          ],
          "url": "http://research.eeye.com/html/advisories/published/AD20070920.html"
        },
        {
          "name": "1018728",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018728"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5003",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "24348",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24348"
            },
            {
              "name": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674",
              "refsource": "CONFIRM",
              "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674"
            },
            {
              "name": "25606",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25606"
            },
            {
              "name": "20070920 CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599"
            },
            {
              "name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006",
              "refsource": "CONFIRM",
              "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006"
            },
            {
              "name": "20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/480252/100/100/threaded"
            },
            {
              "name": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp",
              "refsource": "CONFIRM",
              "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp"
            },
            {
              "name": "20070920 Multiple Vulnerabilities in CA ARCserve for Laptops \u0026 Desktops",
              "refsource": "EEYE",
              "url": "http://research.eeye.com/html/advisories/published/AD20070920.html"
            },
            {
              "name": "1018728",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018728"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5003",
    "datePublished": "2007-10-01T20:00:00",
    "dateReserved": "2007-09-20T00:00:00",
    "dateUpdated": "2024-08-07T15:17:28.199Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"261A513C-CBD4-4A1C-B58A-A9005774EC87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FB993B2-9A44-40E2-AA05-0CAD04BDC26D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7461AE5-2067-4964-93B7-560CD02CEAC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DAE8E8B-7FD6-43CB-B07A-6D3B31E94DC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B9C97C1-D295-4A84-B179-3FDF51DE1DD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:desktop_management_suite:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"237F2346-0B9B-4CE8-8EF9-813CB3F1BC1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:desktop_management_suite:11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22268F99-2F38-481D-A0CC-B1FC96FDB953\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:desktop_management_suite:11.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6195AFF-0039-4F48-9E02-ACE8CF052EA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47C10BA4-B241-4F65-8FA1-AD88266C03B0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples desbordamientos de b\\u00fafer basado en pila en CA (Computer Associates) BrightStor ARCserve Backup para Port\\u00e1til y Sobremesa  r11.0 hasta r11.5 permiten a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n mediante un (1) nombre de usuario \\u00f3 (2) contrase\\u00f1a largos en el comando rxrLogin de rxRPC.dll, \\u00f3 un (3) argumento nombre de usuario largo en la funci\\u00f3n GetUserInfo.\"}]",
      "id": "CVE-2007-5003",
      "lastModified": "2024-11-21T00:36:55.120",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-10-01T20:17:00.000",
      "references": "[{\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://research.eeye.com/html/advisories/published/AD20070920.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/25606\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/480252/100/100/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/24348\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1018728\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://research.eeye.com/html/advisories/published/AD20070920.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25606\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/480252/100/100/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/24348\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1018728\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5003\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-10-01T20:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer basado en pila en CA (Computer Associates) BrightStor ARCserve Backup para Port\u00e1til y Sobremesa  r11.0 hasta r11.5 permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un (1) nombre de usuario \u00f3 (2) contrase\u00f1a largos en el comando rxrLogin de rxRPC.dll, \u00f3 un (3) argumento nombre de usuario largo en la funci\u00f3n GetUserInfo.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"261A513C-CBD4-4A1C-B58A-A9005774EC87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FB993B2-9A44-40E2-AA05-0CAD04BDC26D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7461AE5-2067-4964-93B7-560CD02CEAC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DAE8E8B-7FD6-43CB-B07A-6D3B31E94DC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B9C97C1-D295-4A84-B179-3FDF51DE1DD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:desktop_management_suite:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"237F2346-0B9B-4CE8-8EF9-813CB3F1BC1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:desktop_management_suite:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22268F99-2F38-481D-A0CC-B1FC96FDB953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:desktop_management_suite:11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6195AFF-0039-4F48-9E02-ACE8CF052EA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47C10BA4-B241-4F65-8FA1-AD88266C03B0\"}]}]}],\"references\":[{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://research.eeye.com/html/advisories/published/AD20070920.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25606\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/480252/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/24348\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1018728\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://research.eeye.com/html/advisories/published/AD20070920.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25606\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/480252/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/24348\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1018728\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-R6MQ-3VV9-38J4

Vulnerability from github – Published: 2022-05-01 18:29 – Updated: 2022-05-01 18:29

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-5003"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-10-01T20:17:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.",
  "id": "GHSA-r6mq-3vv9-38j4",
  "modified": "2022-05-01T18:29:05Z",
  "published": "2022-05-01T18:29:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5003"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599"
    },
    {
      "type": "WEB",
      "url": "http://research.eeye.com/html/advisories/published/AD20070920.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25606"
    },
    {
      "type": "WEB",
      "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp"
    },
    {
      "type": "WEB",
      "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006"
    },
    {
      "type": "WEB",
      "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/480252/100/100/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24348"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018728"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-5003

Vulnerability from fkie_nvd - Published: 2007-10-01 20:17 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599
cve@mitre.org	http://research.eeye.com/html/advisories/published/AD20070920.html
cve@mitre.org	http://secunia.com/advisories/25606	Vendor Advisory
cve@mitre.org	http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp	Patch
cve@mitre.org	http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006	Patch
cve@mitre.org	http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674	Patch
cve@mitre.org	http://www.securityfocus.com/archive/1/480252/100/100/threaded
cve@mitre.org	http://www.securityfocus.com/bid/24348
cve@mitre.org	http://www.securitytracker.com/id?1018728
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599
af854a3a-2127-422b-91ae-364da2661108	http://research.eeye.com/html/advisories/published/AD20070920.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25606	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/480252/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24348
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018728

Impacted products

Vendor	Product	Version
broadcom	brightstor_arcserve_backup_laptops_desktops	4.0
broadcom	brightstor_arcserve_backup_laptops_desktops	11.0
broadcom	brightstor_arcserve_backup_laptops_desktops	11.1
broadcom	brightstor_arcserve_backup_laptops_desktops	11.1
broadcom	brightstor_arcserve_backup_laptops_desktops	11.5
broadcom	desktop_management_suite	11.0
broadcom	desktop_management_suite	11.1
broadcom	desktop_management_suite	11.2
ca	protection_suites	r2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "261A513C-CBD4-4A1C-B58A-A9005774EC87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB993B2-9A44-40E2-AA05-0CAD04BDC26D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7461AE5-2067-4964-93B7-560CD02CEAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9DAE8E8B-7FD6-43CB-B07A-6D3B31E94DC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B9C97C1-D295-4A84-B179-3FDF51DE1DD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:desktop_management_suite:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "237F2346-0B9B-4CE8-8EF9-813CB3F1BC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:desktop_management_suite:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "22268F99-2F38-481D-A0CC-B1FC96FDB953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:desktop_management_suite:11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6195AFF-0039-4F48-9E02-ACE8CF052EA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C10BA4-B241-4F65-8FA1-AD88266C03B0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer basado en pila en CA (Computer Associates) BrightStor ARCserve Backup para Port\u00e1til y Sobremesa  r11.0 hasta r11.5 permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un (1) nombre de usuario \u00f3 (2) contrase\u00f1a largos en el comando rxrLogin de rxRPC.dll, \u00f3 un (3) argumento nombre de usuario largo en la funci\u00f3n GetUserInfo."
    }
  ],
  "id": "CVE-2007-5003",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-01T20:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://research.eeye.com/html/advisories/published/AD20070920.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25606"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/480252/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24348"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018728"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://research.eeye.com/html/advisories/published/AD20070920.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/480252/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018728"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-5003

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-5003

Aliases

CVE-2007-5003

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5003",
    "description": "Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.",
    "id": "GSD-2007-5003",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2007-5003"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5003"
      ],
      "details": "Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.",
      "id": "GSD-2007-5003",
      "modified": "2023-12-13T01:21:41.328977Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-5003",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "24348",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24348"
          },
          {
            "name": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674",
            "refsource": "CONFIRM",
            "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674"
          },
          {
            "name": "25606",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25606"
          },
          {
            "name": "20070920 CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599"
          },
          {
            "name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006",
            "refsource": "CONFIRM",
            "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006"
          },
          {
            "name": "20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/480252/100/100/threaded"
          },
          {
            "name": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp",
            "refsource": "CONFIRM",
            "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp"
          },
          {
            "name": "20070920 Multiple Vulnerabilities in CA ARCserve for Laptops \u0026 Desktops",
            "refsource": "EEYE",
            "url": "http://research.eeye.com/html/advisories/published/AD20070920.html"
          },
          {
            "name": "1018728",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018728"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:desktop_management_suite:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:desktop_management_suite:11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:desktop_management_suite:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5003"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070920 Multiple Vulnerabilities in CA ARCserve for Laptops \u0026 Desktops",
              "refsource": "EEYE",
              "tags": [],
              "url": "http://research.eeye.com/html/advisories/published/AD20070920.html"
            },
            {
              "name": "20070920 CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities",
              "refsource": "IDEFENSE",
              "tags": [],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599"
            },
            {
              "name": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp"
            },
            {
              "name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006"
            },
            {
              "name": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674"
            },
            {
              "name": "24348",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/24348"
            },
            {
              "name": "1018728",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018728"
            },
            {
              "name": "25606",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/25606"
            },
            {
              "name": "20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/480252/100/100/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-04-08T13:31Z",
      "publishedDate": "2007-10-01T20:17Z"
    }
  }
}

CERTA-2007-AVI-415

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans les produits ARCserve de Computer Associate permettent à un utilisateur distant d'exécuter du code arbitraire.

Description

Plusieurs vulnérabilités sont présentent dans les produits ARCserve Backup for Laptops and Desktops de Computer Associates. Ces vulnérabilités sont toutes relatives à un manque de contrôle dans les éléments suivant du logiciel :

le service LGServer ;
le service d'authentification de ARCserve Backup ;
le service d'autentification rxLogin ;
le service NetBackup lors d'un téléchargement de fichier.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	CA Desktop Management Suite 11.2 ;
N/A	N/A	CA ARCserve Backup for Laptops and Desktops r11.1 SP1 ;
N/A	N/A	CA ARCserve Backup for Laptops and Desktops r11.0 ;
N/A	N/A	CA Desktop Management Suite 11.0 ;
N/A	N/A	CA ARCserve Backup for Laptops and Desktops r11.1 SP2 ;
N/A	N/A	CA ARCserve Backup for Laptops and Desktops r11.5 ;
N/A	N/A	CA Protection Suite r2.
N/A	N/A	CA ARCserve Backup for Laptops and Desktops r11.1 ;
N/A	N/A	CA Desktop Management Suite 11.1 ;
N/A	N/A	CA ARCserve Backup for Laptops and Desktops r4.0 ;

References

Title

Publication Time

Tags

Bulletin de sécurité CA ARCserve du 21 septembre 2007	None	vendor-advisory
Bulletin de sécurité Computer Associates :	-	other
Bulletin de sécurité iDefense du 21 septembre 2007 :	-	other
Bulletin de sécurité iDefense du 21 septembre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CA Desktop Management Suite 11.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA ARCserve Backup for Laptops and Desktops r11.1 SP1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA ARCserve Backup for Laptops and Desktops r11.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Desktop Management Suite 11.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA ARCserve Backup for Laptops and Desktops r11.1 SP2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA ARCserve Backup for Laptops and Desktops r11.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Protection Suite r2.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA ARCserve Backup for Laptops and Desktops r11.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Desktop Management Suite 11.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA ARCserve Backup for Laptops and Desktops r4.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentent dans les produits ARCserve\nBackup for Laptops and Desktops de Computer Associates. Ces\nvuln\u00e9rabilit\u00e9s sont toutes relatives \u00e0 un manque de contr\u00f4le dans les\n\u00e9l\u00e9ments suivant du logiciel :\n\n-   le service LGServer ;\n-   le service d\u0027authentification de ARCserve Backup ;\n-   le service d\u0027autentification rxLogin ;\n-   le service NetBackup lors d\u0027un t\u00e9l\u00e9chargement de fichier.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5004"
    },
    {
      "name": "CVE-2007-5005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5005"
    },
    {
      "name": "CVE-2007-3216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3216"
    },
    {
      "name": "CVE-2007-5006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5006"
    },
    {
      "name": "CVE-2007-5003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5003"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Computer Associates :",
      "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iDefense du 21 septembre 2007 :",
      "url": "http://www.idefense.com/application/poi/display?id=599"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iDefense du 21 septembre 2007 :",
      "url": "http://www.idefense.com/application/poi/display?id=598"
    }
  ],
  "reference": "CERTA-2007-AVI-415",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-09-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans les produits ARCserve de Computer\nAssociate permettent \u00e0 un utilisateur distant d\u0027ex\u00e9cuter du code\narbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits CA ARCserve",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 CA ARCserve du 21 septembre 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-415

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans les produits ARCserve de Computer Associate permettent à un utilisateur distant d'exécuter du code arbitraire.

Description

le service LGServer ;
le service d'authentification de ARCserve Backup ;
le service d'autentification rxLogin ;
le service NetBackup lors d'un téléchargement de fichier.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	CA Desktop Management Suite 11.2 ;
N/A	N/A	CA ARCserve Backup for Laptops and Desktops r11.1 SP1 ;
N/A	N/A	CA ARCserve Backup for Laptops and Desktops r11.0 ;
N/A	N/A	CA Desktop Management Suite 11.0 ;
N/A	N/A	CA ARCserve Backup for Laptops and Desktops r11.1 SP2 ;
N/A	N/A	CA ARCserve Backup for Laptops and Desktops r11.5 ;
N/A	N/A	CA Protection Suite r2.
N/A	N/A	CA ARCserve Backup for Laptops and Desktops r11.1 ;
N/A	N/A	CA Desktop Management Suite 11.1 ;
N/A	N/A	CA ARCserve Backup for Laptops and Desktops r4.0 ;

References

Title

Publication Time

Tags

Bulletin de sécurité CA ARCserve du 21 septembre 2007	None	vendor-advisory
Bulletin de sécurité Computer Associates :	-	other
Bulletin de sécurité iDefense du 21 septembre 2007 :	-	other
Bulletin de sécurité iDefense du 21 septembre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CA Desktop Management Suite 11.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA ARCserve Backup for Laptops and Desktops r11.1 SP1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA ARCserve Backup for Laptops and Desktops r11.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Desktop Management Suite 11.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA ARCserve Backup for Laptops and Desktops r11.1 SP2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA ARCserve Backup for Laptops and Desktops r11.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Protection Suite r2.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA ARCserve Backup for Laptops and Desktops r11.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Desktop Management Suite 11.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA ARCserve Backup for Laptops and Desktops r4.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentent dans les produits ARCserve\nBackup for Laptops and Desktops de Computer Associates. Ces\nvuln\u00e9rabilit\u00e9s sont toutes relatives \u00e0 un manque de contr\u00f4le dans les\n\u00e9l\u00e9ments suivant du logiciel :\n\n-   le service LGServer ;\n-   le service d\u0027authentification de ARCserve Backup ;\n-   le service d\u0027autentification rxLogin ;\n-   le service NetBackup lors d\u0027un t\u00e9l\u00e9chargement de fichier.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5004"
    },
    {
      "name": "CVE-2007-5005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5005"
    },
    {
      "name": "CVE-2007-3216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3216"
    },
    {
      "name": "CVE-2007-5006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5006"
    },
    {
      "name": "CVE-2007-5003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5003"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Computer Associates :",
      "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iDefense du 21 septembre 2007 :",
      "url": "http://www.idefense.com/application/poi/display?id=599"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iDefense du 21 septembre 2007 :",
      "url": "http://www.idefense.com/application/poi/display?id=598"
    }
  ],
  "reference": "CERTA-2007-AVI-415",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-09-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans les produits ARCserve de Computer\nAssociate permettent \u00e0 un utilisateur distant d\u0027ex\u00e9cuter du code\narbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits CA ARCserve",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 CA ARCserve du 21 septembre 2007",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-5003 (GCVE-0-2007-5003)

GHSA-R6MQ-3VV9-38J4

FKIE_CVE-2007-5003

GSD-2007-5003

CERTA-2007-AVI-415

Description

Solution

CERTA-2007-AVI-415

Description

Solution

Tags

Sightings

Nomenclature