CVE-2007-4620 - OpenCVE

Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Broadcom	Brightstor Arcserve Backup Anti-virus For The Enterprise
Ca	Threat Manager For The Enterprise Brightstor Arcserve Backup

Configuration 1 [-]

OR	cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:::::::*
	cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:::::::*
	cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8.1:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:::::::*
	cpe:2.3:a:ca:brightstor_arcserve_backup:11::windows:::::
	cpe:2.3:a:ca:threat_manager_for_the_enterprise:r8:::::::*
	cpe:2.3:a:ca:threat_manager_for_the_enterprise:r8.1:::::::*

References

Link	Resource
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679
http://secunia.com/advisories/29665
http://securityreason.com/securityalert/3799
http://www.securityfocus.com/archive/1/490466/100/0/threaded
http://www.securityfocus.com/bid/28605
http://www.securitytracker.com/id?1019789
http://www.securitytracker.com/id?1019790
http://www.vupen.com/english/advisories/2008/1103/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41639
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-04-07T18:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2007-08-30T00:00:00

Link: CVE-2007-4620

JSON object: View

NVD Information

Status : Modified

Published: 2008-04-07T18:44:00.000

Modified: 2021-04-07T18:14:16.977

Link: CVE-2007-4620

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-03T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1019790", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019790"}, {"name": "3799", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3799"}, {"name": "1019789", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019789"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103"}, {"name": "ca-alertnotificationserver-bo(41639)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41639"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx"}, {"name": "ADV-2008-1103", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1103/references"}, {"name": "20080404 CA Alert Notification Server Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/490466/100/0/threaded"}, {"name": "28605", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28605"}, {"name": "29665", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29665"}, {"name": "20080403 Computer Associates Alert Notification Service Multiple RPC Buffer Overflow Vulnerabilities", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4620", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1019790", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019790"}, {"name": "3799", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3799"}, {"name": "1019789", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019789"}, {"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103", "refsource": "CONFIRM", "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103"}, {"name": "ca-alertnotificationserver-bo(41639)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41639"}, {"name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx", "refsource": "CONFIRM", "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx"}, {"name": "ADV-2008-1103", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1103/references"}, {"name": "20080404 CA Alert Notification Server Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/490466/100/0/threaded"}, {"name": "28605", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28605"}, {"name": "29665", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29665"}, {"name": "20080403 Computer Associates Alert Notification Service Multiple RPC Buffer Overflow Vulnerabilities", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4620", "datePublished": "2008-04-07T18:00:00", "dateReserved": "2007-08-30T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "607CCBDA-7288-4496-A7ED-EF6DED40CA21", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*", "matchCriteriaId": "F6B76576-ABB1-439E-80B0-0B5AAE14BA45", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "FE175BB8-DF9B-4DA0-AD2F-885CC13BB812", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "477EE032-D183-478F-A2BF-6165277A7414", "vulnerable": true}, {"criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*", "matchCriteriaId": "6E236148-4A57-4FDC-A072-A77D3DD2DB53", "vulnerable": true}, {"criteria": "cpe:2.3:a:ca:threat_manager_for_the_enterprise:r8:*:*:*:*:*:*:*", "matchCriteriaId": "7E7E12A7-F92F-47E3-B810-4019FD885B60", "vulnerable": true}, {"criteria": "cpe:2.3:a:ca:threat_manager_for_the_enterprise:r8.1:*:*:*:*:*:*:*", "matchCriteriaId": "72342377-2084-41CB-82BF-ADEEB45BFA4E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de buffer basados en pila del servicio Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0 y 7.1.758.0, usado en varios productos CA incluyendo Anti-Virus para la versi\u00f3n Enterprise 7.1 a la r11.1 y Threat Manager para la versi\u00f3n Enterprise 8.1 y r8, permiten a usuarios autenticados ejecutar c\u00f3digo de su elecci\u00f3n mediante peticiones RPC manipuladas."}], "id": "CVE-2007-4620", "lastModified": "2021-04-07T18:14:16.977", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-04-07T18:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx"}, {"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29665"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3799"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/490466/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28605"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019789"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019790"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1103/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41639"}, {"source": "cve@mitre.org", "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}