cvelistv5 - cve-2007-2139

CVE-2007-2139 (GCVE-0-2007-2139)

Vulnerability from cvelistv5 – Published: 2007-04-25 20:00 – Updated: 2024-08-07 13:23

Summary

Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://securityreason.com/securityalert/2628	third-party-advisoryx_refsource_SREASON
	http://supportconnectw.ca.com/public/storage/info…	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/979825	third-party-advisoryx_refsource_CERT-VN
	http://osvdb.org/35326	vdb-entryx_refsource_OSVDB
	http://secunia.com/advisories/24972	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/23635	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/466790/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securitytracker.com/id?1017952	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2007/1529	vdb-entryx_refsource_VUPEN
	http://www.zerodayinitiative.com/advisories/ZDI-0…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:23:50.811Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "2628",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2628"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
          },
          {
            "name": "VU#979825",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/979825"
          },
          {
            "name": "35326",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/35326"
          },
          {
            "name": "24972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24972"
          },
          {
            "name": "brightstor-sun-rpc-bo(33854)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"
          },
          {
            "name": "23635",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23635"
          },
          {
            "name": "20070424 ZDI-07-022: CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/466790/100/0/threaded"
          },
          {
            "name": "1017952",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017952"
          },
          {
            "name": "ADV-2007-1529",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1529"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "2628",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2628"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
        },
        {
          "name": "VU#979825",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/979825"
        },
        {
          "name": "35326",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/35326"
        },
        {
          "name": "24972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24972"
        },
        {
          "name": "brightstor-sun-rpc-bo(33854)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"
        },
        {
          "name": "23635",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23635"
        },
        {
          "name": "20070424 ZDI-07-022: CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/466790/100/0/threaded"
        },
        {
          "name": "1017952",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017952"
        },
        {
          "name": "ADV-2007-1529",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1529"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2139",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "2628",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2628"
            },
            {
              "name": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp",
              "refsource": "CONFIRM",
              "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
            },
            {
              "name": "VU#979825",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/979825"
            },
            {
              "name": "35326",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/35326"
            },
            {
              "name": "24972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24972"
            },
            {
              "name": "brightstor-sun-rpc-bo(33854)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"
            },
            {
              "name": "23635",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23635"
            },
            {
              "name": "20070424 ZDI-07-022: CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/466790/100/0/threaded"
            },
            {
              "name": "1017952",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017952"
            },
            {
              "name": "ADV-2007-1529",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1529"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2139",
    "datePublished": "2007-04-25T20:00:00",
    "dateReserved": "2007-04-18T00:00:00",
    "dateUpdated": "2024-08-07T13:23:50.811Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E37161BE-6AF5-40E0-BD63-2C17431D8B36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"C689BA77-8B88-4742-9AF1-567E12B92E17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"328E1C42-488A-43FC-8DF2-758DC73B74AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8781759-7B4C-47C3-8A60-8CA5520360C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*\", \"matchCriteriaId\": \"6E236148-4A57-4FDC-A072-A77D3DD2DB53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_sbs_premium:*:*:*:*:*\", \"matchCriteriaId\": \"2429EE00-5359-4C47-A634-8DBC57253266\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_sbs_standard:*:*:*:*:*\", \"matchCriteriaId\": \"F33EE596-0901-4A13-BAA1-1A7C7C16AD27\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiple desbordamiento de b\\u00fafer basado en pila en el servicio SUN RPC del CA (antiguamente Computer Associates) BrightStor ARCserve Media Server, como el utilizado en el BrightStor ARCserve Backup 9.01 hasta la 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2 y Business Protection Suite 2, permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de cadenas RPC mal formadas. Vulnerabilidad diferente a las CVE-2006-5171, CVE-2006-5172 y CVE-2007-1785.\"}]",
      "id": "CVE-2007-2139",
      "lastModified": "2024-11-21T00:30:00.543",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-04-25T20:19:00.000",
      "references": "[{\"url\": \"http://osvdb.org/35326\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/24972\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/2628\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/979825\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/466790/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/23635\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1017952\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1529\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-07-022.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33854\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/35326\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/24972\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/2628\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/979825\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/466790/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/23635\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1017952\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1529\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-07-022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33854\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2139\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-04-25T20:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiple desbordamiento de b\u00fafer basado en pila en el servicio SUN RPC del CA (antiguamente Computer Associates) BrightStor ARCserve Media Server, como el utilizado en el BrightStor ARCserve Backup 9.01 hasta la 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2 y Business Protection Suite 2, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de cadenas RPC mal formadas. Vulnerabilidad diferente a las CVE-2006-5171, CVE-2006-5172 y CVE-2007-1785.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E37161BE-6AF5-40E0-BD63-2C17431D8B36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C689BA77-8B88-4742-9AF1-567E12B92E17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"328E1C42-488A-43FC-8DF2-758DC73B74AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8781759-7B4C-47C3-8A60-8CA5520360C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"6E236148-4A57-4FDC-A072-A77D3DD2DB53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_sbs_premium:*:*:*:*:*\",\"matchCriteriaId\":\"2429EE00-5359-4C47-A634-8DBC57253266\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_sbs_standard:*:*:*:*:*\",\"matchCriteriaId\":\"F33EE596-0901-4A13-BAA1-1A7C7C16AD27\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/35326\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24972\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/2628\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/979825\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/466790/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/23635\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1017952\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1529\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-07-022.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33854\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/35326\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24972\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/2628\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/979825\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/466790/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/23635\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1017952\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1529\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-07-022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33854\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2007-ALE-009

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité dans BrightStor ARCServe Backup permettrait à un utilisateur distant d'exécuter du code arbitraire sur la machine vulnérable.

Description

Un manque de contrôle des requêtes RPC (Remote Procedure Call) passées au composant mediasvr.exe de BrightStor ARCServe Backup permettrait à un utilisateur distant mais provenant du même réseau d'exécuter du code arbitraire par le biais d'une requête RPC construite de façon particulière. Il existe une preuve de faisabilité mettant en œuvre cette vulnérabilité sur l'Internet.

Cette vulnérabilité a été corrigée et a fait l'objet de l'avis CERTA-2007-AVI-188.

Contournement provisoire

Dans la mesure où cette vulnérabilité offre à l'attaquant la possibilité de contrôler la machine à distance, il convient de :

ne pas rendre accessible depuis l'Internet la machine mettant en œuvre BrightStor ARCServe Backup ;
restreindre l'accès au service mediasvr.exe aux seules machines autorisées à dialoguer via RPC avec lui.

Solution

Se référer au bulletin de sécurité de l'éditeur (voir Documentation).

BrightStor ARCServe Backup versions 11.5 SP2 build 4237 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Computer Associates du 24 avril 2007	None	vendor-advisory
Bulletin de sécurité Secunia SA24682 du 30 mars 2007	None	vendor-advisory
Avis CERTA-2007-AVI-188 du 25 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cTT\u003eBrightStor ARCServe Backup\u003c/TT\u003e  versions \u003cTT\u003e11.5 SP2 build 4237\u003c/TT\u003e et ant\u00e9rieures.",
  "closed_at": "2007-04-27",
  "content": "## Description\n\nUn manque de contr\u00f4le des requ\u00eates RPC (Remote Procedure Call) pass\u00e9es\nau composant mediasvr.exe de BrightStor ARCServe Backup permettrait \u00e0 un\nutilisateur distant mais provenant du m\u00eame r\u00e9seau d\u0027ex\u00e9cuter du code\narbitraire par le biais d\u0027une requ\u00eate RPC construite de fa\u00e7on\nparticuli\u00e8re. Il existe une preuve de faisabilit\u00e9 mettant en \u0153uvre cette\nvuln\u00e9rabilit\u00e9 sur l\u0027Internet.\n\nCette vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e et a fait l\u0027objet de l\u0027avis\nCERTA-2007-AVI-188.\n\n## Contournement provisoire\n\nDans la mesure o\u00f9 cette vuln\u00e9rabilit\u00e9 offre \u00e0 l\u0027attaquant la possibilit\u00e9\nde contr\u00f4ler la machine \u00e0 distance, il convient de :\n\n-   ne pas rendre accessible depuis l\u0027Internet la machine mettant en\n    \u0153uvre BrightStor ARCServe Backup ;\n-   restreindre l\u0027acc\u00e8s au service mediasvr.exe aux seules machines\n    autoris\u00e9es \u00e0 dialoguer via RPC avec lui.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (voir Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1785"
    },
    {
      "name": "CVE-2007-2139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2139"
    }
  ],
  "links": [
    {
      "title": "Avis CERTA-2007-AVI-188 du 25 avril 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-188/"
    }
  ],
  "reference": "CERTA-2007-ALE-009",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-03-30T00:00:00.000000"
    },
    {
      "description": "ajout de la section Solution, des r\u00e9f\u00e9rences au bulletin de s\u00e9curit\u00e9 Computer Associates et des entr\u00e9es CVE.",
      "revision_date": "2007-04-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans BrightStor ARCServe Backup permettrait \u00e0 un\nutilisateur distant d\u0027ex\u00e9cuter du code arbitraire sur la machine\nvuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans BrightStor ARCServe Backup",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Computer Associates du 24 avril 2007",
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Secunia SA24682 du 30 mars 2007",
      "url": "http://www.secunia.com/advisories/24682"
    }
  ]
}

CERTA-2007-ALE-009

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité dans BrightStor ARCServe Backup permettrait à un utilisateur distant d'exécuter du code arbitraire sur la machine vulnérable.

Description

Cette vulnérabilité a été corrigée et a fait l'objet de l'avis CERTA-2007-AVI-188.

Contournement provisoire

Dans la mesure où cette vulnérabilité offre à l'attaquant la possibilité de contrôler la machine à distance, il convient de :

ne pas rendre accessible depuis l'Internet la machine mettant en œuvre BrightStor ARCServe Backup ;
restreindre l'accès au service mediasvr.exe aux seules machines autorisées à dialoguer via RPC avec lui.

Solution

Se référer au bulletin de sécurité de l'éditeur (voir Documentation).

BrightStor ARCServe Backup versions 11.5 SP2 build 4237 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Computer Associates du 24 avril 2007	None	vendor-advisory
Bulletin de sécurité Secunia SA24682 du 30 mars 2007	None	vendor-advisory
Avis CERTA-2007-AVI-188 du 25 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cTT\u003eBrightStor ARCServe Backup\u003c/TT\u003e  versions \u003cTT\u003e11.5 SP2 build 4237\u003c/TT\u003e et ant\u00e9rieures.",
  "closed_at": "2007-04-27",
  "content": "## Description\n\nUn manque de contr\u00f4le des requ\u00eates RPC (Remote Procedure Call) pass\u00e9es\nau composant mediasvr.exe de BrightStor ARCServe Backup permettrait \u00e0 un\nutilisateur distant mais provenant du m\u00eame r\u00e9seau d\u0027ex\u00e9cuter du code\narbitraire par le biais d\u0027une requ\u00eate RPC construite de fa\u00e7on\nparticuli\u00e8re. Il existe une preuve de faisabilit\u00e9 mettant en \u0153uvre cette\nvuln\u00e9rabilit\u00e9 sur l\u0027Internet.\n\nCette vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e et a fait l\u0027objet de l\u0027avis\nCERTA-2007-AVI-188.\n\n## Contournement provisoire\n\nDans la mesure o\u00f9 cette vuln\u00e9rabilit\u00e9 offre \u00e0 l\u0027attaquant la possibilit\u00e9\nde contr\u00f4ler la machine \u00e0 distance, il convient de :\n\n-   ne pas rendre accessible depuis l\u0027Internet la machine mettant en\n    \u0153uvre BrightStor ARCServe Backup ;\n-   restreindre l\u0027acc\u00e8s au service mediasvr.exe aux seules machines\n    autoris\u00e9es \u00e0 dialoguer via RPC avec lui.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (voir Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1785"
    },
    {
      "name": "CVE-2007-2139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2139"
    }
  ],
  "links": [
    {
      "title": "Avis CERTA-2007-AVI-188 du 25 avril 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-188/"
    }
  ],
  "reference": "CERTA-2007-ALE-009",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-03-30T00:00:00.000000"
    },
    {
      "description": "ajout de la section Solution, des r\u00e9f\u00e9rences au bulletin de s\u00e9curit\u00e9 Computer Associates et des entr\u00e9es CVE.",
      "revision_date": "2007-04-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans BrightStor ARCServe Backup permettrait \u00e0 un\nutilisateur distant d\u0027ex\u00e9cuter du code arbitraire sur la machine\nvuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans BrightStor ARCServe Backup",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Computer Associates du 24 avril 2007",
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Secunia SA24682 du 30 mars 2007",
      "url": "http://www.secunia.com/advisories/24682"
    }
  ]
}

FKIE_CVE-2007-2139

Vulnerability from fkie_nvd - Published: 2007-04-25 20:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/35326
cve@mitre.org	http://secunia.com/advisories/24972
cve@mitre.org	http://securityreason.com/securityalert/2628
cve@mitre.org	http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp
cve@mitre.org	http://www.kb.cert.org/vuls/id/979825	US Government Resource
cve@mitre.org	http://www.securityfocus.com/archive/1/466790/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/23635	Patch
cve@mitre.org	http://www.securitytracker.com/id?1017952
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1529
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-07-022.html
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/33854
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/35326
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24972
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/2628
af854a3a-2127-422b-91ae-364da2661108	http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/979825	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/466790/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23635	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017952
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1529
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-07-022.html
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/33854

Impacted products

Vendor	Product	Version
broadcom	brightstor_arcserve_backup	9.01
broadcom	brightstor_arcserve_backup	11.1
broadcom	brightstor_arcserve_backup	11.5
broadcom	business_protection_suite	2.0
broadcom	server_protection_suite	2
ca	brightstor_arcserve_backup	11
ca	business_protection_suite	2.0
ca	business_protection_suite	2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "C689BA77-8B88-4742-9AF1-567E12B92E17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "328E1C42-488A-43FC-8DF2-758DC73B74AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8781759-7B4C-47C3-8A60-8CA5520360C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*",
              "matchCriteriaId": "6E236148-4A57-4FDC-A072-A77D3DD2DB53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_sbs_premium:*:*:*:*:*",
              "matchCriteriaId": "2429EE00-5359-4C47-A634-8DBC57253266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_sbs_standard:*:*:*:*:*",
              "matchCriteriaId": "F33EE596-0901-4A13-BAA1-1A7C7C16AD27",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785."
    },
    {
      "lang": "es",
      "value": "M\u00faltiple desbordamiento de b\u00fafer basado en pila en el servicio SUN RPC del CA (antiguamente Computer Associates) BrightStor ARCserve Media Server, como el utilizado en el BrightStor ARCserve Backup 9.01 hasta la 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2 y Business Protection Suite 2, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de cadenas RPC mal formadas. Vulnerabilidad diferente a las CVE-2006-5171, CVE-2006-5172 y CVE-2007-1785."
    }
  ],
  "id": "CVE-2007-2139",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-04-25T20:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/35326"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24972"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2628"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/979825"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/466790/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/23635"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017952"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1529"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/35326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24972"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/979825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/466790/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/23635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1529"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2007-AVI-188

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités dans BrightStor ARCserve Backup permettent l'exécution de code arbitraire à distance.

Description

Deux vulnérabilités ont été découvertes dans BrightStor ARCserve Backup. Elles affectent le service RPC du fichier mediasvr.exe. Un utilisateur malintentionné peut, par le biais de paquets RPC spécifiquement conçus, exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	BrightStor ARCserve Backup v9.01 ;
Cisco	N/A	CA Server Protection Suite r2 ;
Cisco	N/A	BrightStor Enterprise Backup r10.5 ;
Cisco	Small Business	CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;
N/A	N/A	BrightStor ARCserve Backup r11.5 ;
Microsoft	Windows	BrightStor ARCserve Backup r11 for Windows ;
Cisco	Small Business	CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2.
N/A	N/A	BrightStor ARCserve Backup r11.1 ;
Cisco	N/A	CA Business Protection Suite r2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Computer Associates du 24 avril 2007	None	vendor-advisory
Bulletin de sécurité ZDI-07-022 du 24 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BrightStor ARCserve Backup v9.01 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Server Protection Suite r2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor Enterprise Backup r10.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup r11.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup r11 for Windows ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2.",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup r11.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Business Protection Suite r2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans BrightStor ARCserve Backup.\nElles affectent le service RPC du fichier mediasvr.exe. Un utilisateur\nmalintentionn\u00e9 peut, par le biais de paquets RPC sp\u00e9cifiquement con\u00e7us,\nex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2139"
    },
    {
      "name": "CVE-2007-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1785"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 ZDI-07-022 du 24 avril 2007 :",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"
    }
  ],
  "reference": "CERTA-2007-AVI-188",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-04-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eBrightStor ARCserve\nBackup\u003c/span\u003e permettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans BrightStor ARCserve Backup Media Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Computer Associates du 24 avril 2007",
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
    }
  ]
}

CERTA-2007-AVI-188

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités dans BrightStor ARCserve Backup permettent l'exécution de code arbitraire à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	BrightStor ARCserve Backup v9.01 ;
Cisco	N/A	CA Server Protection Suite r2 ;
Cisco	N/A	BrightStor Enterprise Backup r10.5 ;
Cisco	Small Business	CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;
N/A	N/A	BrightStor ARCserve Backup r11.5 ;
Microsoft	Windows	BrightStor ARCserve Backup r11 for Windows ;
Cisco	Small Business	CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2.
N/A	N/A	BrightStor ARCserve Backup r11.1 ;
Cisco	N/A	CA Business Protection Suite r2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Computer Associates du 24 avril 2007	None	vendor-advisory
Bulletin de sécurité ZDI-07-022 du 24 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BrightStor ARCserve Backup v9.01 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Server Protection Suite r2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor Enterprise Backup r10.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup r11.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup r11 for Windows ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2.",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup r11.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Business Protection Suite r2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans BrightStor ARCserve Backup.\nElles affectent le service RPC du fichier mediasvr.exe. Un utilisateur\nmalintentionn\u00e9 peut, par le biais de paquets RPC sp\u00e9cifiquement con\u00e7us,\nex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2139"
    },
    {
      "name": "CVE-2007-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1785"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 ZDI-07-022 du 24 avril 2007 :",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"
    }
  ],
  "reference": "CERTA-2007-AVI-188",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-04-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eBrightStor ARCserve\nBackup\u003c/span\u003e permettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans BrightStor ARCserve Backup Media Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Computer Associates du 24 avril 2007",
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
    }
  ]
}

GHSA-4JCC-QMQJ-6P2X

Vulnerability from github – Published: 2022-05-01 18:00 – Updated: 2022-05-01 18:00

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2139"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-04-25T20:19:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.",
  "id": "GHSA-4jcc-qmqj-6p2x",
  "modified": "2022-05-01T18:00:32Z",
  "published": "2022-05-01T18:00:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2139"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/35326"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24972"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/2628"
    },
    {
      "type": "WEB",
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/979825"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/466790/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23635"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1017952"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1529"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-2139

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-2139

Aliases

CVE-2007-2139

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2139",
    "description": "Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.",
    "id": "GSD-2007-2139",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2007-2139"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2139"
      ],
      "details": "Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.",
      "id": "GSD-2007-2139",
      "modified": "2023-12-13T01:21:37.781253Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-2139",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "2628",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/2628"
          },
          {
            "name": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp",
            "refsource": "CONFIRM",
            "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
          },
          {
            "name": "VU#979825",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/979825"
          },
          {
            "name": "35326",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/35326"
          },
          {
            "name": "24972",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24972"
          },
          {
            "name": "brightstor-sun-rpc-bo(33854)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"
          },
          {
            "name": "23635",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23635"
          },
          {
            "name": "20070424 ZDI-07-022: CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/466790/100/0/threaded"
          },
          {
            "name": "1017952",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1017952"
          },
          {
            "name": "ADV-2007-1529",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1529"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_sbs_premium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_sbs_standard:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2139"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"
            },
            {
              "name": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
            },
            {
              "name": "23635",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/23635"
            },
            {
              "name": "VU#979825",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/979825"
            },
            {
              "name": "24972",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24972"
            },
            {
              "name": "1017952",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1017952"
            },
            {
              "name": "2628",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/2628"
            },
            {
              "name": "35326",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/35326"
            },
            {
              "name": "ADV-2007-1529",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/1529"
            },
            {
              "name": "brightstor-sun-rpc-bo(33854)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"
            },
            {
              "name": "20070424 ZDI-07-022: CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/466790/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-04-09T18:54Z",
      "publishedDate": "2007-04-25T20:19Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-2139 (GCVE-0-2007-2139)

CERTA-2007-ALE-009

Description

Contournement provisoire

Solution

CERTA-2007-ALE-009

Description

Contournement provisoire

Solution

FKIE_CVE-2007-2139

CERTA-2007-AVI-188

Description

Solution

CERTA-2007-AVI-188

Description

Solution

GHSA-4JCC-QMQJ-6P2X

GSD-2007-2139

Tags

Sightings

Nomenclature