CVE-2006-5143

Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/22285	Vendor Advisory
http://securitytracker.com/id?1017003
http://securitytracker.com/id?1017004
http://securitytracker.com/id?1017005
http://securitytracker.com/id?1017006
http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp	Patch
http://www.kb.cert.org/vuls/id/361792	US Government Resource
http://www.kb.cert.org/vuls/id/860048	US Government Resource
http://www.lssec.com/advisories/LS-20060220.pdf
http://www.lssec.com/advisories/LS-20060313.pdf
http://www.lssec.com/advisories/LS-20060330.pdf
http://www.securityfocus.com/archive/1/447839/100/100/threaded
http://www.securityfocus.com/archive/1/447847/100/200/threaded
http://www.securityfocus.com/archive/1/447848/100/100/threaded
http://www.securityfocus.com/archive/1/447862/100/100/threaded
http://www.securityfocus.com/archive/1/447926/100/200/threaded
http://www.securityfocus.com/archive/1/447927/100/200/threaded
http://www.securityfocus.com/archive/1/447930/100/200/threaded
http://www.securityfocus.com/bid/20365
http://www.tippingpoint.com/security/advisories/TSRT-06-11.html	Patch
http://www.vupen.com/english/advisories/2006/3930	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-06-030.html	Patch Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-06-031.html	Vendor Advisory
http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744
http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693
https://exchange.xforce.ibmcloud.com/vulnerabilities/29364

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:broadcom:brightstor_arcserve_backup::sp1::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:::::::*
	cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:::::::*
	cpe:2.3:a:broadcom:business_protection_suite:2.0:::::::*
	cpe:2.3:a:broadcom:server_protection_suite:2:::::::*
	cpe:2.3:a:ca:brightstor_arcserve_backup:11::windows:::::

History

No history.

Information

Published : 2006-10-10 04:06

Updated : 2021-04-09 18:54

NVD link : CVE-2006-5143

Mitre link : CVE-2006-5143

CVE.ORG link : CVE-2006-5143

JSON object : View

Products Affected

brightstor_arcserve_backup

broadcom

brightstor_arcserve_backup
business_protection_suite
server_protection_suite
brightstor_enterprise_backup

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2006-5143", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-10-10T04:06:00.000", "references": [{"url": "http://secunia.com/advisories/22285", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017003", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017004", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017005", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017006", "source": "cve@mitre.org"}, {"url": "http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/361792", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/860048", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.lssec.com/advisories/LS-20060220.pdf", "source": "cve@mitre.org"}, {"url": "http://www.lssec.com/advisories/LS-20060313.pdf", "source": "cve@mitre.org"}, {"url": "http://www.lssec.com/advisories/LS-20060330.pdf", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/447839/100/100/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/447847/100/200/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/447848/100/100/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/447862/100/100/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/447926/100/200/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/447927/100/200/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/447930/100/200/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20365", "source": "cve@mitre.org"}, {"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-11.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/3930", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-030.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-031.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744", "source": "cve@mitre.org"}, {"url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744", "source": "cve@mitre.org"}, {"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29364", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basado en mont\u00f3n en CA BrightStor ARCserve Backup r11.5 SP1 y anteriores, r11.1, y 9.01; BrightStor ARCServe Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; y Buisiness Protection Suite r2 permiten a un atacante remoto ejecutar c\u00f3digo de su elecci\u00f3n mediante datos manipulados en el puerto TCP 6071 para el Backup Agent RPC Server (DBASVR.exe) utilizando rutinas RPC con c\u00f3digos de operaci\u00f3n (opcode) (1) 0x01, (2) 0x02, y (3) 0x18; datos de cabo (stub) inv\u00e1lidos en el puerto TCP 6503 para las rutinas RPC con c\u00f3digos de operaci\u00f3n (4)0x2b o (5) 0x2d en ASCORE.dll en el Message Engine RPC Server (msgeng.exe); (6) un nombre de anfitri\u00f3n (hostname ) largo en el puerto TCP 41523 para ASBRDCST.DLL en el Discovery Service (casdscsvc.exe); o vectores no especificados relacionados con el (7) Job Engine Service."}], "lastModified": "2021-04-09T18:54:02.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:*:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8745E951-E151-4EB6-86B4-4E8754ADEFE8", "versionEndIncluding": "11.5"}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14"}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36"}, {"criteria": "cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78AA54EA-DAF1-4635-AA1B-E2E49C4BB597"}, {"criteria": "cpe:2.3:a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "328E1C42-488A-43FC-8DF2-758DC73B74AF"}, {"criteria": "cpe:2.3:a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8781759-7B4C-47C3-8A60-8CA5520360C5"}, {"criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E236148-4A57-4FDC-A072-A77D3DD2DB53"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10