CVE-2006-5142

Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 client and server allows remote attackers to execute arbitrary code via long messages to the CheyenneDS Mailslot.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.tippingpoint.com/security/advisories/TSRT-06-12.html	Patch Vendor Advisory
http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp
http://secunia.com/advisories/22283	Vendor Advisory
http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744
http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34694
http://www.securityfocus.com/bid/20364
http://www.vupen.com/english/advisories/2006/3930	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/29365
http://www.securityfocus.com/archive/1/447853/100/100/threaded
http://www.securityfocus.com/archive/1/447839/100/100/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*

Information

Published : 2006-10-09 21:06

Updated : 2021-04-07 11:14

NVD link : CVE-2006-5142

Mitre link : CVE-2006-5142

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

Products Affected

broadcom

brightstor_arcserve_backup

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-12.html", "name": "http://www.tippingpoint.com/security/advisories/TSRT-06-12.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp", "name": "http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/22283", "name": "22283", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744", "name": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744", "name": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34694", "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34694", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/20364", "name": "20364", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2006/3930", "name": "ADV-2006-3930", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29365", "name": "ca-brightstor-discovery-mailslot-bo(29365)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/447853/100/100/threaded", "name": "20061005 TSRT-06-12: CA BrightStor Discovery Service Mailslot Buffer Overflow Vulnerability", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/447839/100/100/threaded", "name": "20061006 [CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 client and server allows remote attackers to execute arbitrary code via long messages to the CheyenneDS Mailslot."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-5142", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-10-10T04:06Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-04-07T18:14Z"}