CVE Vulnerabilities

CVE-2007-1785

Published: Mar 31, 2007 | Modified: Apr 07, 2021
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.1 HIGH
AV:N/AC:H/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.

Affected Software

Name Vendor Start Version End Version
Brightstor_arcserve_backup Broadcom 9.01 (including) 9.01 (including)
Brightstor_arcserve_backup Broadcom 11.1 (including) 11.1 (including)
Brightstor_arcserve_backup Broadcom 11.5 (including) 11.5 (including)
Brightstor_arcserve_backup Broadcom 11.5-sp1 (including) 11.5-sp1 (including)
Brightstor_arcserve_backup Broadcom 11.5-sp2 (including) 11.5-sp2 (including)
Brightstor_arcserve_backup Ca 11 (including) 11 (including)

References