CVE-2007-2139
Summary
| CVE | CVE-2007-2139 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-04-25 20:19:00 UTC |
| Updated | 2021-04-09 18:54:00 UTC |
| Description | Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Broadcom | Brightstor Arcserve Backup | 11.1 | All | All | All |
| Application | Broadcom | Brightstor Arcserve Backup | 11.5 | sp2 | All | All |
| Application | Broadcom | Brightstor Arcserve Backup | 9.01 | All | All | All |
| Application | Broadcom | Business Protection Suite | 2.0 | All | All | All |
| Application | Broadcom | Server Protection Suite | 2 | All | All | All |
| Application | Ca | Brightstor Arcserve Backup | 11 | All | windows | All |
| Application | Ca | Brightstor Arcserve Backup | 11.1 | All | All | All |
| Application | Ca | Brightstor Arcserve Backup | 11.5 | sp2 | All | All |
| Application | Ca | Brightstor Arcserve Backup | 9.01 | All | All | All |
| Application | Ca | Brightstor Arcserve Backup | 11 | All | windows | All |
| Application | Ca | Brightstor Arcserve Backup | 11.1 | All | All | All |
| Application | Ca | Brightstor Arcserve Backup | 11.5 | sp2 | All | All |
| Application | Ca | Brightstor Arcserve Backup | 9.01 | All | All | All |
| Application | Ca | Business Protection Suite | 2.0 | All | All | All |
| Application | Ca | Business Protection Suite | 2.0 | All | microsoft_sbs_premium | All |
| Application | Ca | Business Protection Suite | 2.0 | All | microsoft_sbs_standard | All |
| Application | Ca | Business Protection Suite | 2.0 | All | All | All |
| Application | Ca | Business Protection Suite | 2.0 | All | microsoft_sbs_premium | All |
| Application | Ca | Business Protection Suite | 2.0 | All | microsoft_sbs_standard | All |
| Application | Ca | Server Protection Suite | 2 | All | All | All |
| Application | Ca | Server Protection Suite | 2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CA BrightStor ARCserve Backup Media Server Multiple Buffer Overflows - Advisories - Secunia | SECUNIA | secunia.com | |
| CXSecurity - IDS | SREASON | securityreason.com | |
| Computer Associates BrightStor ArcServe Media Server Multiple Remote Buffer Overflow Vulnerabilities | BID | www.securityfocus.com | Patch |
| US-CERT Vulnerability Note VU#979825 | CERT-VN | www.kb.cert.org | US Government Resource |
| 35326 | OSVDB | osvdb.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| CA BrightStor ArcServe Media Server Buffer Overflows Let Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp | CONFIRM | supportconnectw.ca.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| ZDI-07-022 | MISC | www.zerodayinitiative.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.