CVE-2007-5331

Published: Oct 13, 2007Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers.

Affected (9)

Products: Broadcom: Brightstor Arcserve Backup, Brightstor Enterprise Backup, Business Protection Suite, Server Protection Suite · Ca: Brightstor Arcserve Backup, Business Protection Suite

4 products

Brightstor Arcserve Backup

Brightstor Enterprise Backup

Business Protection Suite

Server Protection Suite

2 products

Brightstor Arcserve Backup

Business Protection Suite

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Broadcom Brightstor Arcserve Backup	Version 11.1
Broadcom Brightstor Arcserve Backup	Version 11.5
Broadcom Brightstor Arcserve Backup	Version 9.01
Broadcom Brightstor Enterprise Backup	Version 10.5
Broadcom Business Protection Suite	Version 2.0
Broadcom Server Protection Suite	Version 2
Ca Brightstor Arcserve Backup	Version 11
Ca Business Protection Suite	Version 2.0
Ca Business Protection Suite	Version 2.0

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (20)

http://osvdb.org/41371

Source: cve@mitre.org

http://research.eeye.com/html/advisories/published/AD20071011.html

Source: cve@mitre.org

http://secunia.com/advisories/27192

Source: cve@mitre.org

Vendor Advisory

http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp

Source: cve@mitre.org

Patch

http://www.securityfocus.com/archive/1/482114/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/482121/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/24680

Source: cve@mitre.org

http://www.securitytracker.com/id?1018805

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/3470

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/37071

Source: cve@mitre.org

http://osvdb.org/41371

Source: af854a3a-2127-422b-91ae-364da2661108

http://research.eeye.com/html/advisories/published/AD20071011.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27192

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/archive/1/482114/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/482121/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24680

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1018805

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/3470

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/37071

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.