Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2007-3216

Disclosure Date: June 14, 2007 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

CA BrightStor ARCserve for Laptops and Desktops LGServer Multiple Commands Buffer Overflow

CA BrightStor ARCserve for Laptops and Desktops LGServer Buffer Overflow

CA BrightStor ARCserve for Laptops and Desktops LGServer rxsSetDataGrowthScheduleAndFilter Buffer Overflow

Description

Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4) rxsSetMessageLogSettings, (5) rxsExportData, (6) rxsSetServerOptions, (7) rxsRenameFile, (8) rxsACIManageSend, (9) rxsExportUser, (10) rxsImportUser, (11) rxsMoveUserData, (12) rxsUseLicenseIni, (13) rxsLicGetSiteId, (14) rxsGetLogFileNames, (15) rxsGetBackupLog, (16) rxsBackupComplete, (17) rxsSetDataProtectionSecurityData, (18) rxsSetDefaultConfigName, (19) rxsGetMessageLogSettings, (20) rxsHWDiskGetTotal, (21) rxsHWDiskGetFree, (22) rxsGetSubDirs, (23) rxsGetServerDBPathName, (24) rxsSetServerOptions, (25) rxsDeleteFile, (26) rxsACIManageSend, (27) rxcReadBackupSetList, (28) rxcWriteConfigInfo, (29) rxcSetAssetManagement, (30) rxcWriteFileListForRestore, (31) rxcReadSaveSetProfile, (32) rxcInitSaveSetProfile, (33) rxcAddSaveSetNextAppList, (34) rxcAddSaveSetNextFilesPathList, (35) rxcAddNextBackupSetIncWildCard, (36) rxcGetRevisions, (37) rxrAddMovedUser, (38) rxrSetClientVersion, or (39) rxsSetDataGrowthScheduleAndFilter commands.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

broadcom

Products

brightstor arcserve backup laptops desktops 11.1

Metasploit Modules

CA BrightStor ARCserve for Laptops and Desktops LGServer Multiple Commands Buffer Overflow (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/brightstor/lgserver_multi.rb)

CA BrightStor ARCserve for Laptops and Desktops LGServer Buffer Overflow (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/brightstor/lgserver_rxsuselicenseini.rb)

CA BrightStor ARCserve for Laptops and Desktops LGServer rxsSetDataGrowthScheduleAndFilter Buffer Overflow (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/brightstor/lgserver_rxssetdatagrowthscheduleandfilter.rb)

References

Canonical

CVE-2007-3216 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3216)

BID-24348 (http://www.securityfocus.com/bid/24348)

Advisory

XF-brightstor-unspecified-code-execution(34805) (https://exchange.xforce.ibmcloud.com/vulnerabilities/34805)

http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/bsabld-securitynotice.asp

SECUNIA-25606 (http://secunia.com/advisories/25606)

SECTRACK-1018216 (http://www.securitytracker.com/id?1018216)

http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35673

OSVDB-35329 (http://osvdb.org/35329)

http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006

20070921 [CAID 35673, 35674, 35675, 35676, 35677]: CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities (http://www.securityfocus.com/archive/1/480252/100/100/threaded)

ADV-2007-2121 (http://www.vupen.com/english/advisories/2007/2121)

http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp

SECTRACK-1018728 (http://www.securitytracker.com/id?1018728)

Miscellaneous

20070920 CA ARCServe Backup for Laptops and Desktops Multiple Buffer Overflow Vulnerabilities (http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599)

20070920 Multiple Vulnerabilities in CA ARCserve for Laptops & Desktops (http://research.eeye.com/html/advisories/published/AD20070920.html)

http://research.eeye.com/html/advisories/upcoming/20070604.html

Rapid7

Technical Analysis