Vulnerability Name: CVE-2006-0306 (CCN-24166)
Assigned: 2006-01-17
Published: 2006-01-17
Updated: 2021-04-13

Summary: The DM Primer (dmprimer.exe) in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop Protection Suite r2, CA Server Protection Suite r2, and CA Business Protection Suite r2 allows remote attackers to cause a denial of service (CPU consumption or application hang) via a large network packet, which causes a WSAEMESGSIZE error code that is not handled, leading to a thread exit.

CVSS v3 Severity:
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None; Integrity (I): None; Availability (A): Low

CVSS v2 Severity:
5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
Impact Metrics: Confidentiality (C): None; Integrity (I): None; Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
Impact Metrics: Confidentiality (C): None; Integrity (I): None; Availability (A): Partial

Vulnerability Type: CWE-399
Vulnerability Consequences: Denial of Service

References:
Source: CCN Type: Full-Disclosure Mailing List, Tue Jan 17 2006 - 08:03:23 CST
    DM Primer error handling weakness & an old CAM BO revisited
Source: CCN Type: Full-Disclosure Mailing List, Wed Jan 18 2006 - 09:42:57 CST
    CAID 33756 - DM Deployment Common Component Vulnerabilities
Source: MITRE Type: CNA
    CVE-2006-0306
Source: MITRE Type: CNA
    CVE-2006-0307
Source: CCN Type: SA18531
    CA DM Deployment Common Component Denial of Service
Source: SECUNIA Type: Vendor Advisory
    18531
Source: CCN Type: SECTRACK ID: 1015504
    DM Deployment Common Component (DMPrimer) Lets Remote Users Deny Service
Source: SECTRACK Type: UNKNOWN
    1015504
Source: CCN Type: DM Deployment Common Component Security Notice, January 17, 2006
    DM Deployment Common Component Vulnerabilities.
Source: CONFIRM Type: Vendor Advisory
    http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity_notice.asp
Source: MISC Type: Vendor Advisory
    http://www.designfolks.com.au/karma/DMPrimer/
Source: OSVDB Type: UNKNOWN
    22529
Source: CCN Type: OSVDB ID: 22529
    CA Multiple Products Crafted Traffic DM Primer DoS
Source: CCN Type: OSVDB ID: 22530
    CA Multiple Products DM Primer Crafted UDP Packet WSAEMESGSIZE Error Condition DoS
Source: BUGTRAQ Type: UNKNOWN
    20060118 CAID 33756 - DM Deployment Common Component Vulnerabilities
Source: BID Type: Exploit
    16276
Source: CCN Type: BID-16276
    Computer Associates Unicenter Remote Control DM Primer Remote Denial of Service Vulnerability
Source: VUPEN Type: Vendor Advisory
    ADV-2006-0236
Source: CONFIRM Type: Vendor Advisory
    http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33756
Source: XF Type: UNKNOWN
    ca-unicenter-dmprimer-dos(24166)

Vulnerable Configuration:
Configuration 1:
cpe:/a:broadcom:brightstor_mobile_backup:r4.0:*:*:*:*:*:*:* OR
cpe:/a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:* OR
cpe:/a:ca:unicenter_remote_control:6.0_build_6.0.56.3:*:*:en:*:*:*:* OR
cpe:/a:ca:unicenter_remote_control:6.0_build_6.0.74:*:*:de:*:*:*:* OR
cpe:/a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:* OR
cpe:/a:broadcom:unicenter_remote_control:6.0:*:*:*:*:*:*:* OR
cpe:/a:broadcom:unicenter_remote_control:6.0:sp1:*:*:*:*:*:* OR
cpe:/a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:* OR
cpe:/a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1:*:*:*:*:*:* OR
cpe:/a:ca:unicenter_remote_control:6.0:sp1:*:en:*:*:*:* OR
cpe:/a:ca:unicenter_remote_control:6.0:sp1:*:fr:*:*:*:* OR
cpe:/a:broadcom:desktop_protection_suite:2.0:*:*:*:*:*:*:* OR
cpe:/a:broadcom:server_protection_suite:2:*:*:*:*:*:*:* OR
cpe:/a:broadcom:unicenter_remote_control:5.2:*:*:*:*:*:*:* OR
cpe:/a:ca:unicenter_remote_control:6.0_build_6.0.74:*:*:en:*:*:*:* OR
cpe:/a:ca:unicenter_remote_control:6.0_build_6.0.74:*:*:fr:*:*:*:*

Configuration CCN 1:
cpe:/a:broadcom:unicenter_remote_control:6.0:*:*:*:*:*:*:* OR
cpe:/a:broadcom:unicenter_remote_control:6.0:sp1:*:*:*:*:*:*
AND
cpe:/a:ca:brightstor_arcserve_backup:11.0:*:*:*:*:*:*:* OR
cpe:/a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:* OR
cpe:/a:ca:brightstor_arcserve_backup:11.1::sp1:*:*:*:*:* OR
cpe:/a:broadcom:brightstor_mobile_backup:r4.0:*:*:*:*:*:*:* OR
cpe:/a:broadcom:desktop_protection_suite:2.0:*:*:*:*:*:*:* OR
cpe:/a:broadcom:server_protection_suite:2:*:*:*:*:*:*:* OR
cpe:/a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*

broadcom brightstor mobile backup r4.0
broadcom business protection suite 2.0
ca unicenter remote control 6.0_build_6.0.56.3
ca unicenter remote control 6.0_build_6.0.74
broadcom brightstor arcserve backup laptops desktops 11.0
broadcom unicenter remote control 6.0
broadcom unicenter remote control 6.0 sp1
broadcom brightstor arcserve backup laptops desktops 11.1
broadcom brightstor arcserve backup laptops desktops 11.1 sp1
ca unicenter remote control 6.0 sp1
ca unicenter remote control 6.0 sp1
broadcom desktop protection suite 2.0
broadcom server protection suite 2
broadcom unicenter remote control 5.2
ca unicenter remote control 6.0_build_6.0.74
ca unicenter remote control 6.0_build_6.0.74
ca unicenter remote control 6.0
ca unicenter remote control 6.0 sp1
ca brightstor arcserve backup 11.0
ca brightstor arcserve backup 11.1
ca brightstor arcserve backup 11.1
ca brightstor mobile backup r4.0
ca desktop protection suite 2.0
ca server protection suite 2
ca business protection suite 2.0