CVE-2006-5171

critical

Description

Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/29343

http://www.vupen.com/english/advisories/2007/0154

http://www.securityfocus.com/bid/22015

http://www.securityfocus.com/archive/1/456711

http://www.iss.net/threats/252.html

http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp

http://securitytracker.com/id?1017506

http://secunia.com/advisories/23648

http://osvdb.org/31319

Details

Source: Mitre, NVD

Published: 2007-01-16

Updated: 2021-04-07

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical