CVE-2007-2139 | Vulnerability Database | Aqua Security

Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.

Affected Software

Name	Vendor	Start Version	End Version
Brightstor_arcserve_backup	Broadcom	9.01 (including)	9.01 (including)
Brightstor_arcserve_backup	Broadcom	11.1 (including)	11.1 (including)
Brightstor_arcserve_backup	Broadcom	11.5-sp2 (including)	11.5-sp2 (including)
Business_protection_suite	Broadcom	2.0 (including)	2.0 (including)
Server_protection_suite	Broadcom	2 (including)	2 (including)
Brightstor_arcserve_backup	Ca	11 (including)	11 (including)
Business_protection_suite	Ca	2.0 (including)	2.0 (including)

References

http://osvdb.org/35326
http://secunia.com/advisories/24972
http://securityreason.com/securityalert/2628
http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp
http://www.kb.cert.org/vuls/id/979825
http://www.securityfocus.com/archive/1/466790/100/0/threaded
http://www.securityfocus.com/bid/23635
http://www.securitytracker.com/id?1017952
http://www.vupen.com/english/advisories/2007/1529
http://www.zerodayinitiative.com/advisories/ZDI-07-022.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/33854

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-2139
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html