Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2007-0449

Disclosure Date: January 23, 2007 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

CA BrightStor ARCserve for Laptops and Desktops LGServer Buffer Overflow

Description

Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

broadcom

Products

Metasploit Modules

CA BrightStor ARCserve for Laptops and Desktops LGServer Buffer Overflow (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/brightstor/lgserver.rb)

References

Canonical

CVE-2007-0449 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0449)

BID-22340 (http://www.securityfocus.com/bid/22340)

BID-22199 (http://www.securityfocus.com/bid/22199)

BID-22342 (http://www.securityfocus.com/bid/22342)

Advisory

http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97696

OSVDB-31593 (http://www.osvdb.org/31593)

VU#611276 (http://www.kb.cert.org/vuls/id/611276)

20070131 Remote Unauthenticated Code Execution II CA BrightStor ARCserve Backup for Laptops & Desktops (http://www.securityfocus.com/archive/1/458648/100/0/threaded)

SECUNIA-23897 (http://secunia.com/advisories/23897)

20070131 Remote Unauthenticated Code Execution CA BrightStor ARCserve Backup (http://www.securityfocus.com/archive/1/458644/100/0/threaded)

http://www3.ca.com/securityadvisor/vulninfo/Vuln.aspx?ID=34993

XF-ca-multiple-unspecified-bo(31704) (https://exchange.xforce.ibmcloud.com/vulnerabilities/31704)

20070124 [CAID 34993]: CA BrightStor ARCserve Backup for Laptops and Desktops Multiple Overflow Vulnerabilities (http://www.securityfocus.com/archive/1/457945/30/8460/threaded)

ADV-2007-0314 (http://www.vupen.com/english/advisories/2007/0314)

VU#357308 (http://www.kb.cert.org/vuls/id/357308)

SECTRACK-1017548 (http://securitytracker.com/id?1017548)

http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp

Rapid7

Technical Analysis