Информационная безопасность
[RU] switch to English


Многочисленыне уязвимости в CA BrightStor ARCServe BackUp (multiple bugsCA BrightStor ARCServe BackUp
Опубликовано:12 октября 2007 г.
Источник:
SecurityVulns ID:8243
Тип:удаленная
Уровень опасности:
7/10
Описание:Многочисленные переполнения буфера при обработке запросов RPC TCP/6504.
Затронутые продукты:CA : Brightstor ARCserve Backup 11.1
 CA : Brightstor ARCserve Backup 11.0
 CA : BrightStor ARCserve Backup 10.5
 CA : BrightStor ARCserve Backup 9.01
 CA : Brightstor ARCserve Backup 11.5
CVE:CVE-2007-5332 (Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, have unknown impact and attack vectors related to memory corruption.)
 CVE-2007-5331 (Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers.)
 CVE-2007-5330 (The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to (1) execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and (2) trigger memory corruption related to the use of "handle" RPC arguments as pointers.)
 CVE-2007-5329 (Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption.)
 CVE-2007-5328 (CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code via a "Privileged function exposure.")
 CVE-2007-5327 (Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x10d opnum.)
 CVE-2007-5326 (Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2007-5325 (Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.)
Оригинальный текстdocumentEEYE, [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities (12.10.2007)
 documentEEYE, EEYE: CA BrightStor ArcServe Backup Server Arbitrary Pointer Dereference (12.10.2007)
 documenthfli, CA BrightStor ARCServe BackUp Message Engine Remote Stack Overflow Vulnerability (12.10.2007)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород