PT-2006-7514 · Ca · Ca Brightstor Arcserve Backup

Winny Thomas

Publicado

2006-12-31

Atualizado

2021-04-07

CVE-2006-6917

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: CA BrightStor ARCserve Backup R11.5 Server versions prior to SP2

Description: The issue concerns multiple buffer overflows that allow remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via crafted RPC requests. Specifically, the problem lies in the handling of opnum 38 in TAPEUTIL.dll 11.5.3884.0 and opnum 37 in TAPEENG.dll 11.5.3884.0.

Recommendations: For CA BrightStor ARCserve Backup R11.5 Server versions prior to SP2, apply Service Pack 2 to resolve the issue.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-6917

Produtos afetados

Ca Brightstor Arcserve Backup

PT-2006-7514 · Ca · Ca Brightstor Arcserve Backup

CVE-2006-6917

Identificadores relacionados

Produtos afetados

Referências · 13