Published: 23/01/2007 Updated: 08/04/2021

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote malicious users to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200.

Vulnerable Product	Search on Vulmon	Subscribe to Product
broadcom brightstor arcserve backup laptops desktops 11.0
broadcom desktop protection suite 2.0
broadcom brightstor mobile backup r4.0
broadcom business protection suite 2.0
broadcom desktop management suite 11.0
broadcom desktop management suite 11.1
broadcom brightstor arcserve backup laptops desktops 11.1

## # $Id: lgserverrb 9262 2010-05-09 17:45:00Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Metaspl ...

#!/usr/bin/python # I couldnt find a reliable exploit for my analysis and so came up with this # Remote exploit for the CA BrightStor msgengexe service heap overflow # vulnerability as described in LS-20060313pdf on lsseccom The exploit was # tested on windows 2000 SP0 Opens a shell on TCP port 4444 Shouldnt be hard # to port to other platfo ...

#!/usr/bin/perl # # original exploit by lsseccom this is a perl porting # # acaro [at] jervusit use IO::Socket::INET; use Switch; if (@ARGV < 3) { print "--------------------------------------------------------------------\n"; print "Usage : BrightStoreARCServer-11-5-4targetspl -hTargetIPAddress -oTargetReturnAddress\n"; print " Return a ...

#!/usr/bin/python # Remote exploit for the CA BrightStor Arcserve stack overflow as # described in wwwsecurityfocuscom/archive/1/458648/30/0/threaded # # # Winny Thomas ;-) # Author shall bear no responsibility for any screw ups caused by using this code # import os import sys import socket import struct #Portbind shellcode; Binds shell ...

CWE-119 http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp http://www3.ca.com/securityadvisor/vulninfo/Vuln.aspx?ID=34993 http://www.kb.cert.org/vuls/id/357308 http://www.kb.cert.org/vuls/id/611276 http://www.securityfocus.com/bid/22340 http://www.securityfocus.com/bid/22342 http://www.osvdb.org/31593 http://secunia.com/advisories/23897 http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97696 http://securitytracker.com/id?1017548 http://www.securityfocus.com/bid/22199 http://www.vupen.com/english/advisories/2007/0314 https://exchange.xforce.ibmcloud.com/vulnerabilities/31704 http://www.securityfocus.com/archive/1/458648/100/0/threaded http://www.securityfocus.com/archive/1/458644/100/0/threaded http://www.securityfocus.com/archive/1/457945/30/8460/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/16400/https://www.kb.cert.org/vuls/id/611276

CVE-2007-0449

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect