CVE-2007-3216

Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4) rxsSetMessageLogSettings, (5) rxsExportData, (6) rxsSetServerOptions, (7) rxsRenameFile, (8) rxsACIManageSend, (9) rxsExportUser, (10) rxsImportUser, (11) rxsMoveUserData, (12) rxsUseLicenseIni, (13) rxsLicGetSiteId, (14) rxsGetLogFileNames, (15) rxsGetBackupLog, (16) rxsBackupComplete, (17) rxsSetDataProtectionSecurityData, (18) rxsSetDefaultConfigName, (19) rxsGetMessageLogSettings, (20) rxsHWDiskGetTotal, (21) rxsHWDiskGetFree, (22) rxsGetSubDirs, (23) rxsGetServerDBPathName, (24) rxsSetServerOptions, (25) rxsDeleteFile, (26) rxsACIManageSend, (27) rxcReadBackupSetList, (28) rxcWriteConfigInfo, (29) rxcSetAssetManagement, (30) rxcWriteFileListForRestore, (31) rxcReadSaveSetProfile, (32) rxcInitSaveSetProfile, (33) rxcAddSaveSetNextAppList, (34) rxcAddSaveSetNextFilesPathList, (35) rxcAddNextBackupSetIncWildCard, (36) rxcGetRevisions, (37) rxrAddMovedUser, (38) rxrSetClientVersion, or (39) rxsSetDataGrowthScheduleAndFilter commands.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://research.eeye.com/html/advisories/upcoming/20070604.html
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/bsabld-securitynotice.asp
http://www.securityfocus.com/bid/24348
http://www.securitytracker.com/id?1018216
http://secunia.com/advisories/25606	Vendor Advisory
http://research.eeye.com/html/advisories/published/AD20070920.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006	Vendor Advisory
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35673	Vendor Advisory
http://www.securitytracker.com/id?1018728
http://osvdb.org/35329
http://www.vupen.com/english/advisories/2007/2121	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/34805
http://www.securityfocus.com/archive/1/480252/100/100/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*

Information

Published : 2007-06-14 15:30

Updated : 2021-04-07 11:21

NVD link : CVE-2007-3216

Mitre link : CVE-2007-3216

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

broadcom

brightstor_arcserve_backup_laptops_desktops

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://research.eeye.com/html/advisories/upcoming/20070604.html", "name": "http://research.eeye.com/html/advisories/upcoming/20070604.html", "tags": [], "refsource": "MISC"}, {"url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/bsabld-securitynotice.asp", "name": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/bsabld-securitynotice.asp", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/24348", "name": "24348", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1018216", "name": "1018216", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/25606", "name": "25606", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://research.eeye.com/html/advisories/published/AD20070920.html", "name": "20070920 Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops", "tags": [], "refsource": "EEYE"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599", "name": "20070920 CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities", "tags": [], "refsource": "IDEFENSE"}, {"url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp", "name": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006", "name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35673", "name": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35673", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id?1018728", "name": "1018728", "tags": [], "refsource": "SECTRACK"}, {"url": "http://osvdb.org/35329", "name": "35329", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/2121", "name": "ADV-2007-2121", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34805", "name": "brightstor-unspecified-code-execution(34805)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/480252/100/100/threaded", "name": "20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4) rxsSetMessageLogSettings, (5) rxsExportData, (6) rxsSetServerOptions, (7) rxsRenameFile, (8) rxsACIManageSend, (9) rxsExportUser, (10) rxsImportUser, (11) rxsMoveUserData, (12) rxsUseLicenseIni, (13) rxsLicGetSiteId, (14) rxsGetLogFileNames, (15) rxsGetBackupLog, (16) rxsBackupComplete, (17) rxsSetDataProtectionSecurityData, (18) rxsSetDefaultConfigName, (19) rxsGetMessageLogSettings, (20) rxsHWDiskGetTotal, (21) rxsHWDiskGetFree, (22) rxsGetSubDirs, (23) rxsGetServerDBPathName, (24) rxsSetServerOptions, (25) rxsDeleteFile, (26) rxsACIManageSend, (27) rxcReadBackupSetList, (28) rxcWriteConfigInfo, (29) rxcSetAssetManagement, (30) rxcWriteFileListForRestore, (31) rxcReadSaveSetProfile, (32) rxcInitSaveSetProfile, (33) rxcAddSaveSetNextAppList, (34) rxcAddSaveSetNextFilesPathList, (35) rxcAddNextBackupSetIncWildCard, (36) rxcGetRevisions, (37) rxrAddMovedUser, (38) rxrSetClientVersion, or (39) rxsSetDataGrowthScheduleAndFilter commands."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-3216", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-06-14T22:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-04-07T18:21Z"}

10.0 /10