Description
Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5171.
References (9)
Core 9
Core References
Exploit x_refsource_confirm
http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017506
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/456711
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/22016
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29344
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0154
Third Party Advisory third-party-advisory
x_refsource_iss
http://www.iss.net/threats/253.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23648
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/31320
Scores
EPSS
0.2346
EPSS Percentile
96.0%
Details
Status
published
Products (4)
broadcom/brightstor_arcserve_backup
9.01
broadcom/brightstor_arcserve_backup
< 11.5
broadcom/brightstor_enterprise_backup
10.5
ca/protection_suites
r2
Published
Jan 16, 2007
Tracked Since
Feb 18, 2026