PT-2006-7514 · Ca · Ca Brightstor Arcserve Backup
Winny Thomas
·
Published
2006-12-31
·
Updated
2021-04-07
·
CVE-2006-6917
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
CA BrightStor ARCserve Backup R11.5 Server versions prior to SP2
Description:
The issue concerns multiple buffer overflows that allow remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via crafted RPC requests. Specifically, the problem lies in the handling of opnum 38 in TAPEUTIL.dll 11.5.3884.0 and opnum 37 in TAPEENG.dll 11.5.3884.0.
Recommendations:
For CA BrightStor ARCserve Backup R11.5 Server versions prior to SP2, apply Service Pack 2 to resolve the issue.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ca Brightstor Arcserve Backup