CVE-2007-3216

Name of the Vulnerable Software and Affected Versions: CA BrightStor ARCserve Backup for Laptops and Desktops version r11.1

Description: The issue is related to multiple buffer overflows in the LGServer component. These buffer overflows can be triggered by remote attackers sending crafted arguments to various commands, including rxsAddNewUser, rxsSetUserInfo, rxsRenameUser, rxsSetMessageLogSettings, rxsExportData, rxsSetServerOptions, rxsRenameFile, rxsACIManageSend, rxsExportUser, rxsImportUser, rxsMoveUserData, rxsUseLicenseIni, rxsLicGetSiteId, rxsGetLogFileNames, rxsGetBackupLog, rxsBackupComplete, rxsSetDataProtectionSecurityData, rxsSetDefaultConfigName, rxsGetMessageLogSettings, rxsHWDiskGetTotal, rxsHWDiskGetFree, rxsGetSubDirs, rxsGetServerDBPathName, rxsSetServerOptions, rxsDeleteFile, rxsACIManageSend, rxcReadBackupSetList, rxcWriteConfigInfo, rxcSetAssetManagement, rxcWriteFileListForRestore, rxcReadSaveSetProfile, rxcInitSaveSetProfile, rxcAddSaveSetNextAppList, rxcAddSaveSetNextFilesPathList, rxcAddNextBackupSetIncWildCard, rxcGetRevisions, rxrAddMovedUser, rxrSetClientVersion, or rxsSetDataGrowthScheduleAndFilter. This can lead to the execution of arbitrary code.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.