Vulnerability Name: CVE-2007-3216 (CCN-34805)
Assigned: 2007-06-04
Published: 2007-06-04
Updated: 2021-04-07
Summary: Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4) rxsSetMessageLogSettings, (5) rxsExportData, (6) rxsSetServerOptions, (7) rxsRenameFile, (8) rxsACIManageSend, (9) rxsExportUser, (10) rxsImportUser, (11) rxsMoveUserData, (12) rxsUseLicenseIni, (13) rxsLicGetSiteId, (14) rxsGetLogFileNames, (15) rxsGetBackupLog, (16) rxsBackupComplete, (17) rxsSetDataProtectionSecurityData, (18) rxsSetDefaultConfigName, (19) rxsGetMessageLogSettings, (20) rxsHWDiskGetTotal, (21) rxsHWDiskGetFree, (22) rxsGetSubDirs, (23) rxsGetServerDBPathName, (24) rxsSetServerOptions, (25) rxsDeleteFile, (26) rxsACIManageSend, (27) rxcReadBackupSetList, (28) rxcWriteConfigInfo, (29) rxcSetAssetManagement, (30) rxcWriteFileListForRestore, (31) rxcReadSaveSetProfile, (32) rxcInitSaveSetProfile, (33) rxcAddSaveSetNextAppList, (34) rxcAddSaveSetNextFilesPathList, (35) rxcAddNextBackupSetIncWildCard, (36) rxcGetRevisions, (37) rxrAddMovedUser, (38) rxrSetClientVersion, or (39) rxsSetDataGrowthScheduleAndFilter commands.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
8.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2007-3216
Source: IDEFENSE Type: UNKNOWN 20070920 CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities
Source: OSVDB Type: UNKNOWN 35329
Source: EEYE Type: UNKNOWN 20070920 Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops
Source: CCN Type: EEYEB-20070604 Multiple flaws exist within CA ARCserve® Backup for Laptops & Desktops which allow for remote execution of arbitrary code with no user interaction.
Source: MISC Type: UNKNOWN http://research.eeye.com/html/advisories/upcoming/20070604.html
Source: CCN Type: SA25606 CA ARCserve Backup for Laptops & Desktops Multiple Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 25606
Source: CCN Type: SECTRACK ID: 1018216 BrightStor ARCserve for Laptops and Desktops Lets Remote Users Execute Arbitrary Code
Source: CCN Type: SECTRACK ID: 1018728 CA ARCserve Bugs Let Remote Users Execute Arbitrary Code, Bypass Authentication, and Deny Service
Source: CCN Type: CA SupportConnect Security Notice June 8, 2007 BrightStor ARCserve Backup for Laptops and Desktops
Source: CONFIRM Type: UNKNOWN http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/bsabld-securitynotice.asp
Source: CCN Type: CA SupportConnect Web site, September 21, 2007 CA ARCserve Backup for Laptops and Desktops Server Security Notice
Source: CONFIRM Type: UNKNOWN http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp
Source: CONFIRM Type: Vendor Advisory http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006
Source: CCN Type: CA Security Advisory Vulnerability ID: 35673 CA ARCserve Backup for Laptops and Desktops LGServer service multiple vulnerabilities
Source: CONFIRM Type: Vendor Advisory http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35673
Source: CCN Type: OSVDB ID: 35329 CA BrightStor ARCserve Backup for Laptops & Desktops Multiple Overflows
Source: BUGTRAQ Type: UNKNOWN 20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities
Source: BID Type: UNKNOWN 24348
Source: CCN Type: BID-24348 Computer Associates ARCserve Backup Multiple Remote Buffer Overflow Vulnerabilities
Source: SECTRACK Type: UNKNOWN 1018216
Source: SECTRACK Type: UNKNOWN 1018728
Source: VUPEN Type: Vendor Advisory ADV-2007-2121
Source: XF Type: UNKNOWN ca-arcservebackup-lgserver-bo(34805)
Source: XF Type: UNKNOWN brightstor-unspecified-code-execution(34805)
Source: CCN Type: iDefense PUBLIC ADVISORY: 09.20.07 CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities
Source: CCN Type: Rapid7 Vulnerability and Exploit Database [06-06-2007] CA BrightStor ARCserve for Laptops and Desktops LGServer Multiple Commands Buffer Overflow
Source: CCN Type: Rapid7 Vulnerability and Exploit Database [06-06-2007] CA BrightStor ARCserve for Laptops and Desktops LGServer rxsSetDataGrowthScheduleAndFilter Buffer Overflow
Source: CCN Type: Rapid7 Vulnerability and Exploit Database [06-06-2007] CA BrightStor ARCserve for Laptops and Desktops LGServer Buffer Overflow
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable