CVE-2007-5082

Multiple stack-based buffer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands with certain opcodes, related to missing validation of a length parameter.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=601
http://supportconnectw.ca.com/public/bstorhsm/infodocs/bstorhsm-secnot.asp	Patch
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35690	Patch
http://www.securityfocus.com/bid/25823
http://securitytracker.com/id?1018747
http://secunia.com/advisories/26914	Patch Vendor Advisory
http://dvlabs.tippingpoint.com/advisory/TPTI-07-16
http://www.vupen.com/english/advisories/2007/3275	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/36825
http://www.securityfocus.com/archive/1/480808/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:brightstor_hierarchical_storage_manager:11.5:*:*:*:*:*:*:*

Information

Published : 2007-10-01 13:17

Updated : 2021-04-07 11:20

NVD link : CVE-2007-5082

Mitre link : CVE-2007-5082

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

Products Affected

broadcom

brightstor_hierarchical_storage_manager

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=601", "name": "20070927 Computer Associates BrightStor HSM r11.5 Multiple Vulnerabilities", "tags": [], "refsource": "IDEFENSE"}, {"url": "http://supportconnectw.ca.com/public/bstorhsm/infodocs/bstorhsm-secnot.asp", "name": "http://supportconnectw.ca.com/public/bstorhsm/infodocs/bstorhsm-secnot.asp", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35690", "name": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35690", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/25823", "name": "25823", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1018747", "name": "1018747", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/26914", "name": "26914", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-16", "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-16", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2007/3275", "name": "ADV-2007-3275", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36825", "name": "ca-brightstor-csagent-bo(36825)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/480808/100/0/threaded", "name": "20070927 [CAID 35690, 35691, 35692]: CA BrightStor Hierarchical Storage Manager CsAgent Multiple Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple stack-based buffer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands with certain opcodes, related to missing validation of a length parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-5082", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-10-01T20:17Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:broadcom:brightstor_hierarchical_storage_manager:11.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-04-07T18:20Z"}