PT-2007-6402 · Ca · Ca Brightstor Arcserve Backup+1

Publicado

2007-10-13

Atualizado

2021-04-09

CVE-2007-5331

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: CA BrightStor ARCServe BackUp versions 9.01 through 11.5 CA Enterprise Backup version 10.5

Description: The issue allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers.

Recommendations: For CA BrightStor ARCServe BackUp versions 9.01 through 11.5, update to a version that fixes the issue with the ONRPC protocol request. For CA Enterprise Backup version 10.5, update to a version that fixes the issue with the ONRPC protocol request. As a temporary workaround, consider restricting access to the ONRPC protocol to minimize the risk of exploitation.

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2007-5331

Produtos afetados

Ca Brightstor Arcserve Backup

Ca Enterprise Backup

PT-2007-6402 · Ca · Ca Brightstor Arcserve Backup+1

CVE-2007-5331

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11