Vulnerability Name:

CVE-2006-6076 (CCN-30453)

Assigned: 2006-11-21
Published: 2006-11-21
Updated: 2021-04-07
Summary: Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.
A denial-of-service condition may also result from exploit attempts.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Changed
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: CCN
Type: BugTraq Mailing List, Tue Nov 21 2006 - 05:06:58 CST
LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability

Source: CCN
Type: Full-Disclosure Mailing List, Tue Nov 21 2006 - 18:13:42 CST
Re: [Full-disclosure] LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability

Source: CCN
Type: Full-Disclosure Mailing List, Thu Mar 15 2007 - 19:31:44 CDT
[CAID 34817, 35058, 35158, 35159]: CA BrightStor ARCserve Backup Tape Engine and Portmapper Vulnerabilities

Source: MITRE
Type: CNA
CVE-2006-6076

Source: FULLDISC
Type: UNKNOWN
20061121 LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability

Source: FULLDISC
Type: UNKNOWN
20061122 LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability

Source: CCN
Type: SA23060
CA BrightStor ARCserve Backup Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
23060

Source: CCN
Type: SA24512
CA BrightStor ARCserve Backup Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
24512

Source: CCN
Type: SECTRACK ID: 1017268
BrightStor ARCserve Tape Engine Buffer Overflow Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1017268

Source: CONFIRM
Type: UNKNOWN
http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp

Source: CCN
Type: CA SupportConnect Web site
CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice

Source: CCN
Type: US-CERT VU#437300
Computer Associates BrightStor ARCserve Backup Tape Engine fails to properly handle RPC requests

Source: CERT-VN
Type: US Government Resource
VU#437300

Source: CCN
Type: OSVDB ID: 30637
CA BrightStor ARCserve Backup Tape Engine (tapeeng.exe) RPC Overflow

Source: CCN
Type: OSVDB ID: 32990
CA BrightStor ARCserve Backup Tape Engine RPC DoS

Source: BUGTRAQ
Type: UNKNOWN
20061121 LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20061122 RE: LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20070111 [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities

Source: BID
Type: UNKNOWN
21221

Source: CCN
Type: BID-21221
Computer Associates BrightStor ARCserve Backup Tape Engine Remote Buffer Overflow Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-4654

Source: CONFIRM
Type: UNKNOWN
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317

Source: CONFIRM
Type: UNKNOWN
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34817

Source: CCN
Type: Computer Associates Web site
BrightStore ARCserve Backup for Windows

Source: XF
Type: UNKNOWN
brightstor-arcserve-tapeeng-bo(30453)

Source: XF
Type: UNKNOWN
cabrightstorarcserve-tapeeng-bo(30453)

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [11-21-2006]
CA BrightStor ARCserve Tape Engine Buffer Overflow

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*
  • OR cpe:/a:ca:brightstor_arcserve_backup_agent:11.0:*:sql:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:brightstor_arcserve_backup:11.1:*:windows:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.5:sp1:*:*:*:*:*:*
  • OR cpe:/a:ca:brightstor_arcserve_backup_agent:11.1:*:sql:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:*:*:*:*:*:*:*:* (Version <= 11.5)

Configuration CCN 1:
  • cpe:/a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    ca brightstor arcserve backup 11
    ca brightstor arcserve backup agent 11.0
    broadcom brightstor arcserve backup 11.1
    ca brightstor arcserve backup 11.1
    broadcom brightstor arcserve backup 11.5 sp1
    ca brightstor arcserve backup agent 11.1
    broadcom brightstor arcserve backup *
    ca brightstor arcserve backup 11
    broadcom brightstor enterprise backup 10.5
    broadcom brightstor arcserve backup 11.1
    broadcom server protection suite 2
    broadcom business protection suite 2.0
    broadcom brightstor arcserve backup 11.5
    broadcom brightstor arcserve backup 9.01