CVE-2006-5143

EPSS 84.63%
Veröffentlicht 10.10.2006 04:06:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 30

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Broadcom ≫ Brightstor Arcserve Backup Updatesp1 Version <= 11.5

Broadcom ≫ Brightstor Arcserve Backup Version9.01

Broadcom ≫ Brightstor Arcserve Backup Version11.1

Broadcom ≫ Brightstor Enterprise Backup Version10.5

Broadcom ≫ Business Protection Suite Version2.0

Broadcom ≫ Server Protection Suite Version2

Ca ≫ Brightstor Arcserve Backup Version11 Editionwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	84.63%	0.993

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp

Patch

http://www.securityfocus.com/archive/1/447839/100/100/threaded

http://www.vupen.com/english/advisories/2006/3930

Vendor Advisory

http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744

http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744

http://secunia.com/advisories/22285

Vendor Advisory

http://securitytracker.com/id?1017003

http://securitytracker.com/id?1017004

http://securitytracker.com/id?1017005