CVE-2007-0168

Severity

75%

Complexity

99%

Confidentiality

106%

The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Computer Associates

First reported 18 years ago

2007-01-11 22:28:00

Last updated 6 years ago

2018-10-16 16:31:00

Affected Software

Computer Associates BrightStor ARCserve Backup 9.01

9.01

Computer Associates BrightStor ARCserve Backup

Computer Associates BrightStor Enterprise Backup 10.5

10.5

Computer Associates Business Protection Suite 2.0

2.0

References

http://livesploit.com/advisories/LS-20061002.pdf

31327

23648

1017506

http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp

Patch

VU#662400

US Government Resource

http://www.lssec.com/advisories/LS-20061002.pdf

20070111 ZDI-07-002: CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability

20070111 LS-20061002 - Computer Associates BrightStor ARCserve Backup Remote Code Execution Vulnerability

20070111 [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities

22010

ADV-2007-0154

http://www.zerodayinitiative.com/advisories/ZDI-07-002.html

Exploit

brightstor-tapeengine-code-execution(31442)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.