CVE-2006-5172

critical

Description

Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5171.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/29344

http://www.vupen.com/english/advisories/2007/0154

http://www.securityfocus.com/bid/22016

http://www.securityfocus.com/archive/1/456711

http://www.iss.net/threats/253.html

http://securitytracker.com/id?1017506

http://secunia.com/advisories/23648

http://osvdb.org/31320

Details

Source: Mitre, NVD

Published: 2007-01-16

Updated: 2021-04-07

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical