Vulnerability Description
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Brightstor Arcserve Backup | <= 11.5 |
| Broadcom | Brightstor Enterprise Backup | 10.5 |
| Broadcom | Business Protection Suite | 2.0 |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=467
- http://osvdb.org/31327
- http://secunia.com/advisories/23648Vendor Advisory
- http://securitytracker.com/id?1017506
- http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.aspPatch
- http://www.kb.cert.org/vuls/id/151032US Government Resource
- http://www.kb.cert.org/vuls/id/180336US Government Resource
- http://www.securityfocus.com/archive/1/456618/100/0/threaded
- http://www.securityfocus.com/archive/1/456619/100/0/threaded
- http://www.securityfocus.com/archive/1/456711
- http://www.securityfocus.com/bid/22005
- http://www.securityfocus.com/bid/22006
- http://www.vupen.com/english/advisories/2007/0154Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-07-003.htmlExploit
- http://www.zerodayinitiative.com/advisories/ZDI-07-004.htmlExploit
FAQ
What is CVE-2007-0169?
CVE-2007-0169 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute...
How severe is CVE-2007-0169?
CVE-2007-0169 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0169?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Brightstor Arcserve Backup, Broadcom Brightstor Enterprise Backup, Broadcom Business Protection Suite.