FKIE_CVE-2007-0449

Vulnerability from fkie_nvd - Published: 2007-01-23 21:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200.
References
cve@mitre.orghttp://secunia.com/advisories/23897Patch, Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1017548
cve@mitre.orghttp://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.aspPatch
cve@mitre.orghttp://www.kb.cert.org/vuls/id/357308US Government Resource
cve@mitre.orghttp://www.kb.cert.org/vuls/id/611276US Government Resource
cve@mitre.orghttp://www.osvdb.org/31593
cve@mitre.orghttp://www.securityfocus.com/archive/1/457945/30/8460/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/458644/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/458648/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/22199
cve@mitre.orghttp://www.securityfocus.com/bid/22340
cve@mitre.orghttp://www.securityfocus.com/bid/22342
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/0314Vendor Advisory
cve@mitre.orghttp://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97696
cve@mitre.orghttp://www3.ca.com/securityadvisor/vulninfo/Vuln.aspx?ID=34993
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/31704
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23897Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017548
af854a3a-2127-422b-91ae-364da2661108http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.aspPatch
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/357308US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/611276US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/31593
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/457945/30/8460/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/458644/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/458648/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/22199
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/22340
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/22342
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0314Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97696
af854a3a-2127-422b-91ae-364da2661108http://www3.ca.com/securityadvisor/vulninfo/Vuln.aspx?ID=34993
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/31704
Impacted products
Vendor Product Version
broadcom brightstor_arcserve_backup_laptops_desktops 11.0
broadcom brightstor_arcserve_backup_laptops_desktops 11.1
broadcom brightstor_arcserve_backup_laptops_desktops 11.1
broadcom brightstor_mobile_backup r4.0
broadcom business_protection_suite 2.0
broadcom desktop_management_suite 11.0
broadcom desktop_management_suite 11.1
broadcom desktop_protection_suite 2.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB993B2-9A44-40E2-AA05-0CAD04BDC26D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7461AE5-2067-4964-93B7-560CD02CEAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9DAE8E8B-7FD6-43CB-B07A-6D3B31E94DC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_mobile_backup:r4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9448EC1-7527-4CF9-85FC-26F61714E4B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "328E1C42-488A-43FC-8DF2-758DC73B74AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:desktop_management_suite:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "237F2346-0B9B-4CE8-8EF9-813CB3F1BC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:desktop_management_suite:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "22268F99-2F38-481D-A0CC-B1FC96FDB953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:desktop_protection_suite:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB698F99-FC87-4D59-9E01-3CE7A57FE0E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en el archivo LGSERVER.EXE en CA BrightStor ARCserve Backup para Ordenadores Port\u00e1tiles y de Escritorio versi\u00f3n r11.0 hasta versi\u00f3n r11.1 SP1, Mobile Backup versi\u00f3n r4.0, Desktop and Business Protection Suite versi\u00f3n r2 y Desktop Management Suite (DMS) versiones r11.0 y r11.1 permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de la creaci\u00f3n de paquetes hacia los puertos TCP (1) 1900 o (2) 2200."
    }
  ],
  "id": "CVE-2007-0449",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-01-23T21:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23897"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017548"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/357308"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/611276"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/31593"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/457945/30/8460/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/458644/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/458648/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22199"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22340"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22342"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0314"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97696"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www3.ca.com/securityadvisor/vulninfo/Vuln.aspx?ID=34993"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31704"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017548"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/357308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/611276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/31593"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/457945/30/8460/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/458644/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/458648/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22340"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0314"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www3.ca.com/securityadvisor/vulninfo/Vuln.aspx?ID=34993"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31704"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.