CVE-2007-2139
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Application | | 3 |
Exploit-Db
description | CA BrightStor ArcServe Media Service Stack Buffer Overflow. CVE-2007-2139. Remote exploit for windows platform |
id | EDB-ID:16413 |
last seen | 2016-02-01 |
modified | 2010-06-22 |
published | 2010-06-22 |
reporter | metasploit |
source | https://www.exploit-db.com/download/16413/ |
title | CA BrightStor ArcServe Media Service Stack Buffer Overflow |
Metasploit
description | This exploit targets a stack buffer overflow in the MediaSrv RPC service of CA BrightStor ARCserve. By sending a specially crafted SUNRPC request, an attacker can overflow a stack buffer and execute arbitrary code. |
id | MSF:EXPLOIT/WINDOWS/BRIGHTSTOR/MEDIASRV_SUNRPC |
last seen | 2020-06-13 |
modified | 2017-09-09 |
published | 2007-05-03 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2139 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/brightstor/mediasrv_sunrpc.rb |
title | CA BrightStor ArcServe Media Service Stack Buffer Overflow |
Nessus
NASL family | Windows |
NASL id | ARCSERVE_QO87569.NASL |
description | According to its version, the installation of BrightStor ARCserve Backup on the remote host is affected by multiple vulnerabilities in the Mediasrv RPC service. First, the service does not properly sanitize a string given as an argument to different RPC functions prior to calling the function strncpy. By sending a specially crafted packet it is possible to overflow a stack buffer. The second vulnerability involves the handler given as an argument for most RPC functions. The service does the check that the handler is valid. By sending a specially crafted handler to those functions, it is possible to redirect the execution flow. An unauthenticated, remote attacker may be able to leverage these issues to crash or disable the service or to execute arbitrary code on the affected host with SYSTEM privileges. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25086 |
published | 2007-04-25 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25086 |
title | CA BrightStor ARCserve Backup Multiple Vulnerabilities (QO87569) |
Packetstorm
data source | https://packetstormsecurity.com/files/download/82968/mediasrv_sunrpc.rb.txt |
id | PACKETSTORM:82968 |
last seen | 2016-12-05 |
published | 2009-11-26 |
reporter | toto |
source | https://packetstormsecurity.com/files/82968/CA-BrightStor-ArcServe-Media-Service-Stack-Overflow.html |
title | CA BrightStor ArcServe Media Service Stack Overflow |
Saint
bid | 23635 |
description | BrightStor ARCserve Media Server SUN RPC buffer overflow |
id | misc_arcserve240 |
osvdb | 34127 |
title | brightstor_arcserve_mediasvr_sunrpc |
type | remote |
References
- http://osvdb.org/35326
- http://secunia.com/advisories/24972
- http://securityreason.com/securityalert/2628
- http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp
- http://www.kb.cert.org/vuls/id/979825
- http://www.securityfocus.com/archive/1/466790/100/0/threaded
- http://www.securityfocus.com/bid/23635
- http://www.securitytracker.com/id?1017952
- http://www.vupen.com/english/advisories/2007/1529
- http://www.zerodayinitiative.com/advisories/ZDI-07-022.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33854