Remote Code Execution Vulnerability in CA BrightStor ARCServe Backup Products
CVE-2007-5330

Currently unrated

Key Information:

Vendor

Broadcom
Status
Brightstor Arcserve Backup
Brightstor Enterprise Backup
Vendor
CVE Published:
13 October 2007

What is CVE-2007-5330?

The cadbd RPC service in CA BrightStor ARCServe Backup versions from v9.01 through R11.5 and Enterprise Backup R10.5 is vulnerable to remote code execution. An attacker can exploit this vulnerability via stack-based buffer overflows present in certain unspecified RPC procedures. Additionally, it may lead to memory corruption due to the mishandling of 'handle' RPC arguments treated as pointers, effectively allowing unauthorized execution of code.

References

http://secunia.com/advisories/27192
third-party-advisoryx_refsource_SECUNIA
http://osvdb.org/41374
vdb-entryx_refsource_OSVDB
http://supportconnectw.ca.com/public/storage/infodocs/bas...
x_refsource_CONFIRM

EPSS Score

25% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2007-5330 : Remote Code Execution Vulnerability in CA BrightStor ARCServe Backup Products