CVE-2007-2139

Published: Apr 25, 2007Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.

Affected (8)

Products: Broadcom: Brightstor Arcserve Backup, Business Protection Suite, Server Protection Suite · Ca: Brightstor Arcserve Backup, Business Protection Suite

3 products

Brightstor Arcserve Backup

Business Protection Suite

Server Protection Suite

2 products

Brightstor Arcserve Backup

Business Protection Suite

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Broadcom Brightstor Arcserve Backup	Version 11.1
Broadcom Brightstor Arcserve Backup	Version 11.5 sp2
Broadcom Brightstor Arcserve Backup	Version 9.01
Broadcom Business Protection Suite	Version 2.0
Broadcom Server Protection Suite	Version 2
Ca Brightstor Arcserve Backup	Version 11
Ca Business Protection Suite	Version 2.0
Ca Business Protection Suite	Version 2.0

References (22)

http://osvdb.org/35326

Source: cve@mitre.org

http://secunia.com/advisories/24972

Source: cve@mitre.org

http://securityreason.com/securityalert/2628

Source: cve@mitre.org

http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/979825

Source: cve@mitre.org

US Government Resource

http://www.securityfocus.com/archive/1/466790/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/23635

Source: cve@mitre.org

Patch

http://www.securitytracker.com/id?1017952

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/1529

Source: cve@mitre.org

http://www.zerodayinitiative.com/advisories/ZDI-07-022.html

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/33854

Source: cve@mitre.org

http://osvdb.org/35326

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/24972

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/2628

Source: af854a3a-2127-422b-91ae-364da2661108

http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/979825

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securityfocus.com/archive/1/466790/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/23635

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securitytracker.com/id?1017952

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/1529

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zerodayinitiative.com/advisories/ZDI-07-022.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/33854

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.