{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-24T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "2628", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2628"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"}, {"name": "VU#979825", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/979825"}, {"name": "35326", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35326"}, {"name": "24972", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24972"}, {"name": "brightstor-sun-rpc-bo(33854)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"}, {"name": "23635", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23635"}, {"name": "20070424 ZDI-07-022: CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/466790/100/0/threaded"}, {"name": "1017952", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017952"}, {"name": "ADV-2007-1529", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1529"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2139", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "2628", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2628"}, {"name": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp", "refsource": "CONFIRM", "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"}, {"name": "VU#979825", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/979825"}, {"name": "35326", "refsource": "OSVDB", "url": "http://osvdb.org/35326"}, {"name": "24972", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24972"}, {"name": "brightstor-sun-rpc-bo(33854)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"}, {"name": "23635", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23635"}, {"name": "20070424 ZDI-07-022: CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/466790/100/0/threaded"}, {"name": "1017952", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017952"}, {"name": "ADV-2007-1529", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1529"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:23:50.811Z"}, "title": "CVE Program Container", "references": [{"name": "2628", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2628"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"}, {"name": "VU#979825", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/979825"}, {"name": "35326", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35326"}, {"name": "24972", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24972"}, {"name": "brightstor-sun-rpc-bo(33854)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"}, {"name": "23635", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23635"}, {"name": "20070424 ZDI-07-022: CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/466790/100/0/threaded"}, {"name": "1017952", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017952"}, {"name": "ADV-2007-1529", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1529"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2139", "datePublished": "2007-04-25T20:00:00", "dateReserved": "2007-04-18T00:00:00", "dateUpdated": "2024-08-07T13:23:50.811Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*", "matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "C689BA77-8B88-4742-9AF1-567E12B92E17", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "328E1C42-488A-43FC-8DF2-758DC73B74AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*", "matchCriteriaId": "A8781759-7B4C-47C3-8A60-8CA5520360C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*", "matchCriteriaId": "6E236148-4A57-4FDC-A072-A77D3DD2DB53", "vulnerable": true}, {"criteria": "cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_sbs_premium:*:*:*:*:*", "matchCriteriaId": "2429EE00-5359-4C47-A634-8DBC57253266", "vulnerable": true}, {"criteria": "cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_sbs_standard:*:*:*:*:*", "matchCriteriaId": "F33EE596-0901-4A13-BAA1-1A7C7C16AD27", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785."}, {"lang": "es", "value": "M\u00faltiple desbordamiento de b\u00fafer basado en pila en el servicio SUN RPC del CA (antiguamente Computer Associates) BrightStor ARCserve Media Server, como el utilizado en el BrightStor ARCserve Backup 9.01 hasta la 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2 y Business Protection Suite 2, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de cadenas RPC mal formadas. Vulnerabilidad diferente a las CVE-2006-5171, CVE-2006-5172 y CVE-2007-1785."}], "id": "CVE-2007-2139", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-25T20:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/35326"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24972"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2628"}, {"source": "cve@mitre.org", "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/979825"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/466790/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/23635"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017952"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1529"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35326"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24972"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2628"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/979825"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/466790/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/23635"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017952"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1529"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}