FKIE_CVE-2007-5327

Vulnerability from fkie_nvd - Published: 2007-10-13 00:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x10d opnum.
References
cve@mitre.orghttp://ruder.cdut.net/blogview.asp?logID=231
cve@mitre.orghttp://secunia.com/advisories/27192
cve@mitre.orghttp://securityreason.com/securityalert/3218
cve@mitre.orghttp://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.aspPatch
cve@mitre.orghttp://www.fortiguardcenter.com/advisory/FGA-2007-11.htmlVendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/482112/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/482121/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/26015
cve@mitre.orghttp://www.securitytracker.com/id?1018805
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3470
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/37064
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/37065
af854a3a-2127-422b-91ae-364da2661108http://ruder.cdut.net/blogview.asp?logID=231
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27192
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3218
af854a3a-2127-422b-91ae-364da2661108http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.aspPatch
af854a3a-2127-422b-91ae-364da2661108http://www.fortiguardcenter.com/advisory/FGA-2007-11.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/482112/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/482121/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26015
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1018805
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3470
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/37064
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/37065
Impacted products
Vendor Product Version
broadcom brightstor_arcserve_backup 9.01
broadcom brightstor_arcserve_backup 10.5
broadcom brightstor_arcserve_backup 11
broadcom brightstor_arcserve_backup 11.1
broadcom brightstor_arcserve_backup 11.5
broadcom brightstor_enterprise_backup 10.5
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "443AB333-2C99-42FF-8F4E-A487BF588E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C339825-77F9-478A-B1F7-A297D5715396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "477EE032-D183-478F-A2BF-6165277A7414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "78AA54EA-DAF1-4635-AA1B-E2E49C4BB597",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x10d opnum."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en el interfaz RPC para el Message Engine (mediasvr.exe) en el  CA BrightStor ARCServe BackUp v9.01 hasta la R11.5 y el Enterprise Backup r10.5, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de la inclusi\u00f3n de un argumento largo en el 0x10d opnum."
    }
  ],
  "id": "CVE-2007-5327",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-13T00:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://ruder.cdut.net/blogview.asp?logID=231"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27192"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3218"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fortiguardcenter.com/advisory/FGA-2007-11.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/482112/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/482121/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26015"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018805"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3470"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37064"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ruder.cdut.net/blogview.asp?logID=231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fortiguardcenter.com/advisory/FGA-2007-11.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/482112/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/482121/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37065"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.