PT-2007-6109 · Ca · Ca Brightstor Arcserve Backup For Laptops/Desktops+1

Published

2007-10-01

Updated

2021-04-08

CVE-2007-5003

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions CA BrightStor ARCserve Backup for Laptops and Desktops versions r11.0 through r11.5

Description The issue concerns multiple stack-based buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved by providing a long username or password to the "rxrLogin command" in rxRPC.dll, or a long username argument to the GetUserInfo function.

Recommendations For versions r11.0 through r11.5, consider disabling the rxrLogin command in rxRPC.dll and restricting access to the GetUserInfo function until a patch is available. Avoid using long username or password values in the affected API endpoint until the issue is resolved.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2007-5003

Affected Products

Ca Brightstor Arcserve Backup For Laptops/Desktops

Rxrpc.Dll

PT-2007-6109 · Ca · Ca Brightstor Arcserve Backup For Laptops/Desktops+1

CVE-2007-5003

Weakness Enumeration

Related Identifiers

Affected Products

References · 12