CVE-2007-5003 - OpenCVE

Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Broadcom	Desktop Management Suite Brightstor Arcserve Backup Laptops Desktops
Ca	Protection Suites

Configuration 1 [-]

OR	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:4.0:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1::::::
	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.5:::::::*
	cpe:2.3:a:broadcom:desktop_management_suite:11.0:::::::*
	cpe:2.3:a:broadcom:desktop_management_suite:11.1:::::::*
	cpe:2.3:a:broadcom:desktop_management_suite:11.2:::::::*
	cpe:2.3:a:ca:protection_suites:r2:::::::*

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599
http://research.eeye.com/html/advisories/published/AD20070920.html
http://secunia.com/advisories/25606	Vendor Advisory
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp	Patch
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006	Patch
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674	Patch
http://www.securityfocus.com/archive/1/480252/100/100/threaded
http://www.securityfocus.com/bid/24348
http://www.securitytracker.com/id?1018728

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-01T20:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2007-09-20T00:00:00

Link: CVE-2007-5003

JSON object: View

NVD Information

Status : Modified

Published: 2007-10-01T20:17:00.000

Modified: 2021-04-08T13:31:08.817

Link: CVE-2007-5003

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-21T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "24348", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24348"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674"}, {"name": "25606", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25606"}, {"name": "20070920 CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006"}, {"name": "20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/480252/100/100/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp"}, {"name": "20070920 Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops", "tags": ["third-party-advisory", "x_refsource_EEYE"], "url": "http://research.eeye.com/html/advisories/published/AD20070920.html"}, {"name": "1018728", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018728"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5003", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "24348", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24348"}, {"name": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674", "refsource": "CONFIRM", "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674"}, {"name": "25606", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25606"}, {"name": "20070920 CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599"}, {"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006", "refsource": "CONFIRM", "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006"}, {"name": "20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/480252/100/100/threaded"}, {"name": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp", "refsource": "CONFIRM", "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp"}, {"name": "20070920 Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops", "refsource": "EEYE", "url": "http://research.eeye.com/html/advisories/published/AD20070920.html"}, {"name": "1018728", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018728"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5003", "datePublished": "2007-10-01T20:00:00", "dateReserved": "2007-09-20T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "261A513C-CBD4-4A1C-B58A-A9005774EC87", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "4FB993B2-9A44-40E2-AA05-0CAD04BDC26D", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7461AE5-2067-4964-93B7-560CD02CEAC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "9DAE8E8B-7FD6-43CB-B07A-6D3B31E94DC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "7B9C97C1-D295-4A84-B179-3FDF51DE1DD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:desktop_management_suite:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "237F2346-0B9B-4CE8-8EF9-813CB3F1BC1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:desktop_management_suite:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "22268F99-2F38-481D-A0CC-B1FC96FDB953", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:desktop_management_suite:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "E6195AFF-0039-4F48-9E02-ACE8CF052EA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*", "matchCriteriaId": "47C10BA4-B241-4F65-8FA1-AD88266C03B0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basado en pila en CA (Computer Associates) BrightStor ARCserve Backup para Port\u00e1til y Sobremesa r11.0 hasta r11.5 permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un (1) nombre de usuario \u00f3 (2) contrase\u00f1a largos en el comando rxrLogin de rxRPC.dll, \u00f3 un (3) argumento nombre de usuario largo en la funci\u00f3n GetUserInfo."}], "id": "CVE-2007-5003", "lastModified": "2021-04-08T13:31:08.817", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-01T20:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599"}, {"source": "cve@mitre.org", "url": "http://research.eeye.com/html/advisories/published/AD20070920.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25606"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35674"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/480252/100/100/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24348"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018728"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}