Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2006-5143

Published: 10/10/2006 Updated: 09/04/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 770
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Ca

Vulnerability Summary

Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and previous versions, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote malicious users to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ca brightstor arcserve backup 11

broadcom brightstor arcserve backup 9.01

broadcom brightstor arcserve backup 11.1

broadcom server protection suite 2

broadcom brightstor arcserve backup

broadcom brightstor enterprise backup 10.5

broadcom business protection suite 2.0

Exploits

Exploit DB: CA BrightStor ARCserve - Message Engine Heap Overflow (Metasploit)
## # $Id: message_engine_heaprb 9179 2010-04-30 08:40:19Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' cl ...
Exploit DB: Computer Associates Products Message Engine RPC Server - Multiple Buffer Overflow Vulnerabilities (2)
source: wwwsecurityfocuscom/bid/20365/info Multiple Computer Associates products are prone to multiple buffer-overflow vulnerabilities because the applications using an affected library fail to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer Exploiting these issues allows attackers ...
Exploit DB: Computer Associates Products Message Engine RPC Server - Multiple Buffer Overflow Vulnerabilities (1)
source: wwwsecurityfocuscom/bid/20365/info Multiple Computer Associates products are prone to multiple buffer-overflow vulnerabilities because the applications using an affected library fail to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer Exploiting these issues allows attackers to ...
Exploit DB: CA BrightStor ARCserve - 'msgeng.exe' Remote Stack Overflow
#!/usr/bin/python # This one was listed in the SANS TOP 20 and I needed an exploit for analysis # I couldnt find a reliable exploit for my analysis and so came up with this # Remote exploit for the CA BrightStor msgengexe service stack overflow # vulnerability as described in LS-20060330pdf on lsseccom The exploit was # tested on windows 2000 ...

References

CWE-119http://www.tippingpoint.com/security/advisories/TSRT-06-11.htmlhttp://www.zerodayinitiative.com/advisories/ZDI-06-030.htmlhttp://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asphttp://www.zerodayinitiative.com/advisories/ZDI-06-031.htmlhttp://www.securityfocus.com/bid/20365http://securitytracker.com/id?1017003http://securitytracker.com/id?1017004http://securitytracker.com/id?1017005http://securitytracker.com/id?1017006http://www.lssec.com/advisories/LS-20060220.pdfhttp://www.lssec.com/advisories/LS-20060313.pdfhttp://www.lssec.com/advisories/LS-20060330.pdfhttp://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693http://www.kb.cert.org/vuls/id/361792http://www.kb.cert.org/vuls/id/860048http://secunia.com/advisories/22285http://www.vupen.com/english/advisories/2006/3930https://exchange.xforce.ibmcloud.com/vulnerabilities/29364http://www.securityfocus.com/archive/1/447930/100/200/threadedhttp://www.securityfocus.com/archive/1/447927/100/200/threadedhttp://www.securityfocus.com/archive/1/447926/100/200/threadedhttp://www.securityfocus.com/archive/1/447862/100/100/threadedhttp://www.securityfocus.com/archive/1/447848/100/100/threadedhttp://www.securityfocus.com/archive/1/447847/100/200/threadedhttp://www.securityfocus.com/archive/1/447839/100/100/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/16401/https://www.kb.cert.org/vuls/id/860048
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAPCVE-2024-4367server-side request forgeryinformation disclosureCVE-2024-34342CVE-2024-4281CVE-2024-3507CVE-2024-25560CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook