CVE-2007-3216

critical

Description

Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4) rxsSetMessageLogSettings, (5) rxsExportData, (6) rxsSetServerOptions, (7) rxsRenameFile, (8) rxsACIManageSend, (9) rxsExportUser, (10) rxsImportUser, (11) rxsMoveUserData, (12) rxsUseLicenseIni, (13) rxsLicGetSiteId, (14) rxsGetLogFileNames, (15) rxsGetBackupLog, (16) rxsBackupComplete, (17) rxsSetDataProtectionSecurityData, (18) rxsSetDefaultConfigName, (19) rxsGetMessageLogSettings, (20) rxsHWDiskGetTotal, (21) rxsHWDiskGetFree, (22) rxsGetSubDirs, (23) rxsGetServerDBPathName, (24) rxsSetServerOptions, (25) rxsDeleteFile, (26) rxsACIManageSend, (27) rxcReadBackupSetList, (28) rxcWriteConfigInfo, (29) rxcSetAssetManagement, (30) rxcWriteFileListForRestore, (31) rxcReadSaveSetProfile, (32) rxcInitSaveSetProfile, (33) rxcAddSaveSetNextAppList, (34) rxcAddSaveSetNextFilesPathList, (35) rxcAddNextBackupSetIncWildCard, (36) rxcGetRevisions, (37) rxrAddMovedUser, (38) rxrSetClientVersion, or (39) rxsSetDataGrowthScheduleAndFilter commands.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/34805

http://www.vupen.com/english/advisories/2007/2121

http://www.securitytracker.com/id?1018728

http://www.securitytracker.com/id?1018216

http://www.securityfocus.com/bid/24348

http://www.securityfocus.com/archive/1/480252/100/100/threaded

http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35673

http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006

http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp

http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/bsabld-securitynotice.asp

http://secunia.com/advisories/25606

http://research.eeye.com/html/advisories/upcoming/20070604.html

http://research.eeye.com/html/advisories/published/AD20070920.html

http://osvdb.org/35329

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=599

Details

Source: Mitre, NVD

Published: 2007-06-14

Updated: 2021-04-07

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical