Remote Code Execution Vulnerability in CA BrightStor ARCserve Backup
CVE-2007-0168

Currently unrated

Key Information:

Vendor

Broadcom
Status
Brightstor Arcserve Backup
Brightstor Enterprise Backup
Business Protection Suite
Vendor
CVE Published:
11 January 2007

What is CVE-2007-0168?

The Tape Engine service in CA BrightStor ARCserve Backup versions 9.01 through 11.5, as well as Enterprise Backup 10.5 and CA Server/Business Protection Suite r2, is susceptible to a vulnerability that enables remote attackers to execute arbitrary code. This occurs due to improper handling of specific data in opnum 0xBF within an RPC request, potentially allowing unauthorized control over the affected systems. Users are advised to apply the relevant patches to mitigate this security risk.

References

http://supportconnectw.ca.com/public/storage/infodocs/bab...
x_refsource_CONFIRM
http://livesploit.com/advisories/LS-20061002.pdf
x_refsource_MISC
http://www.securityfocus.com/bid/22010
vdb-entryx_refsource_BID

EPSS Score

59% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2007-0168 : Remote Code Execution Vulnerability in CA BrightStor ARCserve Backup