PT-2007-1653 · Computer Associates · Ca Brightstor Arcserve Backup

Published: 2007-01-11 · Updated: 2021-04-07 · CVE-2007-0169

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Computer Associates (CA) BrightStor ARCserve Backup versions 9.01 through 11.5
Computer Associates (CA) Enterprise Backup version 10.5
Computer Associates (CA) Server/Business Protection Suite version r2

Description

The issue allows remote attackers to execute arbitrary code via RPC requests with crafted data for specific opnums in the Message Engine RPC service or the Tape Engine service. Specifically, the opnums affected are 0x2F, 0x75 in the Message Engine RPC service, and 0xCF in the Tape Engine service.

Recommendations

For Computer Associates (CA) BrightStor ARCserve Backup versions 9.01 through 11.5, update to a version outside of this range to mitigate the risk.
For Computer Associates (CA) Enterprise Backup version 10.5, update to a version outside of this range to mitigate the risk.
For Computer Associates (CA) Server/Business Protection Suite version r2, update to a version outside of this range to mitigate the risk.

As a temporary workaround, consider restricting access to the Message Engine RPC service and the Tape Engine service to minimize the risk of exploitation.

Exploit

Fix

RCE

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2007-0169

Affected Products

Ca Brightstor Arcserve Backup
Ca Enterprise Backup
Ca Server/Business Protection Suite