cvelistv5 - cve-2007-2139

CVE-2007-2139 (GCVE-0-2007-2139)

Vulnerability from cvelistv5

Published

2007-04-25 20:00

Modified

2024-08-07 13:23

Severity ?

CWE

Summary

Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.

References

URL

Tags

	http://securityreason.com/securityalert/2628	third-party-advisory, x_refsource_SREASON
	http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/979825	third-party-advisory, x_refsource_CERT-VN
	http://osvdb.org/35326	vdb-entry, x_refsource_OSVDB
	http://secunia.com/advisories/24972	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/33854	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/bid/23635	vdb-entry, x_refsource_BID
	http://www.securityfocus.com/archive/1/466790/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securitytracker.com/id?1017952	vdb-entry, x_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2007/1529	vdb-entry, x_refsource_VUPEN
	http://www.zerodayinitiative.com/advisories/ZDI-07-022.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:23:50.811Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "2628",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2628"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
          },
          {
            "name": "VU#979825",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/979825"
          },
          {
            "name": "35326",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/35326"
          },
          {
            "name": "24972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24972"
          },
          {
            "name": "brightstor-sun-rpc-bo(33854)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"
          },
          {
            "name": "23635",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23635"
          },
          {
            "name": "20070424 ZDI-07-022: CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/466790/100/0/threaded"
          },
          {
            "name": "1017952",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017952"
          },
          {
            "name": "ADV-2007-1529",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1529"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "2628",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2628"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
        },
        {
          "name": "VU#979825",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/979825"
        },
        {
          "name": "35326",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/35326"
        },
        {
          "name": "24972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24972"
        },
        {
          "name": "brightstor-sun-rpc-bo(33854)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"
        },
        {
          "name": "23635",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23635"
        },
        {
          "name": "20070424 ZDI-07-022: CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/466790/100/0/threaded"
        },
        {
          "name": "1017952",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017952"
        },
        {
          "name": "ADV-2007-1529",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1529"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2139",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "2628",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2628"
            },
            {
              "name": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp",
              "refsource": "CONFIRM",
              "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
            },
            {
              "name": "VU#979825",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/979825"
            },
            {
              "name": "35326",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/35326"
            },
            {
              "name": "24972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24972"
            },
            {
              "name": "brightstor-sun-rpc-bo(33854)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"
            },
            {
              "name": "23635",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23635"
            },
            {
              "name": "20070424 ZDI-07-022: CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/466790/100/0/threaded"
            },
            {
              "name": "1017952",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017952"
            },
            {
              "name": "ADV-2007-1529",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1529"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2139",
    "datePublished": "2007-04-25T20:00:00.000Z",
    "dateReserved": "2007-04-18T00:00:00.000Z",
    "dateUpdated": "2024-08-07T13:23:50.811Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2007-AVI-188

Vulnerability from certfr_avis

Deux vulnérabilités dans BrightStor ARCserve Backup permettent l'exécution de code arbitraire à distance.

Description

Deux vulnérabilités ont été découvertes dans BrightStor ARCserve Backup. Elles affectent le service RPC du fichier mediasvr.exe. Un utilisateur malintentionné peut, par le biais de paquets RPC spécifiquement conçus, exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	BrightStor ARCserve Backup v9.01 ;
Cisco	N/A	CA Server Protection Suite r2 ;
Cisco	N/A	BrightStor Enterprise Backup r10.5 ;
Cisco	Small Business	CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;
N/A	N/A	BrightStor ARCserve Backup r11.5 ;
Microsoft	Windows	BrightStor ARCserve Backup r11 for Windows ;
Cisco	Small Business	CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2.
N/A	N/A	BrightStor ARCserve Backup r11.1 ;
Cisco	N/A	CA Business Protection Suite r2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Computer Associates du 24 avril 2007	None	vendor-advisory
Bulletin de sécurité ZDI-07-022 du 24 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BrightStor ARCserve Backup v9.01 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Server Protection Suite r2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor Enterprise Backup r10.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup r11.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup r11 for Windows ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2.",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup r11.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CA Business Protection Suite r2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans BrightStor ARCserve Backup.\nElles affectent le service RPC du fichier mediasvr.exe. Un utilisateur\nmalintentionn\u00e9 peut, par le biais de paquets RPC sp\u00e9cifiquement con\u00e7us,\nex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2139"
    },
    {
      "name": "CVE-2007-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1785"
    }
  ],
  "initial_release_date": "2007-04-25T00:00:00",
  "last_revision_date": "2007-04-25T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 ZDI-07-022 du 24 avril 2007 :",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"
    }
  ],
  "reference": "CERTA-2007-AVI-188",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-04-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eBrightStor ARCserve\nBackup\u003c/span\u003e permettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans BrightStor ARCserve Backup Media Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Computer Associates du 24 avril 2007",
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
    }
  ]
}

CERTA-2007-ALE-009

Vulnerability from certfr_alerte

Une vulnérabilité dans BrightStor ARCServe Backup permettrait à un utilisateur distant d'exécuter du code arbitraire sur la machine vulnérable.

Description

Un manque de contrôle des requêtes RPC (Remote Procedure Call) passées au composant mediasvr.exe de BrightStor ARCServe Backup permettrait à un utilisateur distant mais provenant du même réseau d'exécuter du code arbitraire par le biais d'une requête RPC construite de façon particulière. Il existe une preuve de faisabilité mettant en œuvre cette vulnérabilité sur l'Internet.

Cette vulnérabilité a été corrigée et a fait l'objet de l'avis CERTA-2007-AVI-188.

Contournement provisoire

Dans la mesure où cette vulnérabilité offre à l'attaquant la possibilité de contrôler la machine à distance, il convient de :

ne pas rendre accessible depuis l'Internet la machine mettant en œuvre BrightStor ARCServe Backup ;
restreindre l'accès au service mediasvr.exe aux seules machines autorisées à dialoguer via RPC avec lui.

Solution

Se référer au bulletin de sécurité de l'éditeur (voir Documentation).

BrightStor ARCServe Backup versions 11.5 SP2 build 4237 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Computer Associates du 24 avril 2007	None	vendor-advisory
Bulletin de sécurité Secunia SA24682 du 30 mars 2007	None	vendor-advisory
Avis CERTA-2007-AVI-188 du 25 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cTT\u003eBrightStor ARCServe Backup\u003c/TT\u003e  versions \u003cTT\u003e11.5 SP2 build 4237\u003c/TT\u003e et ant\u00e9rieures.",
  "closed_at": "2007-04-27",
  "content": "## Description\n\nUn manque de contr\u00f4le des requ\u00eates RPC (Remote Procedure Call) pass\u00e9es\nau composant mediasvr.exe de BrightStor ARCServe Backup permettrait \u00e0 un\nutilisateur distant mais provenant du m\u00eame r\u00e9seau d\u0027ex\u00e9cuter du code\narbitraire par le biais d\u0027une requ\u00eate RPC construite de fa\u00e7on\nparticuli\u00e8re. Il existe une preuve de faisabilit\u00e9 mettant en \u0153uvre cette\nvuln\u00e9rabilit\u00e9 sur l\u0027Internet.\n\nCette vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e et a fait l\u0027objet de l\u0027avis\nCERTA-2007-AVI-188.\n\n## Contournement provisoire\n\nDans la mesure o\u00f9 cette vuln\u00e9rabilit\u00e9 offre \u00e0 l\u0027attaquant la possibilit\u00e9\nde contr\u00f4ler la machine \u00e0 distance, il convient de :\n\n-   ne pas rendre accessible depuis l\u0027Internet la machine mettant en\n    \u0153uvre BrightStor ARCServe Backup ;\n-   restreindre l\u0027acc\u00e8s au service mediasvr.exe aux seules machines\n    autoris\u00e9es \u00e0 dialoguer via RPC avec lui.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (voir Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1785"
    },
    {
      "name": "CVE-2007-2139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2139"
    }
  ],
  "initial_release_date": "2007-03-30T00:00:00",
  "last_revision_date": "2007-04-27T00:00:00",
  "links": [
    {
      "title": "Avis CERTA-2007-AVI-188 du 25 avril 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-188/"
    }
  ],
  "reference": "CERTA-2007-ALE-009",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-03-30T00:00:00.000000"
    },
    {
      "description": "ajout de la section Solution, des r\u00e9f\u00e9rences au bulletin de s\u00e9curit\u00e9 Computer Associates et des entr\u00e9es CVE.",
      "revision_date": "2007-04-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans BrightStor ARCServe Backup permettrait \u00e0 un\nutilisateur distant d\u0027ex\u00e9cuter du code arbitraire sur la machine\nvuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans BrightStor ARCServe Backup",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Computer Associates du 24 avril 2007",
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Secunia SA24682 du 30 mars 2007",
      "url": "http://www.secunia.com/advisories/24682"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-2139 (GCVE-0-2007-2139)

Vulnerability from cvelistv5

CERTA-2007-AVI-188

Vulnerability from certfr_avis

Description

Solution

CERTA-2007-ALE-009

Vulnerability from certfr_alerte

Description

Contournement provisoire

Solution

Tags

Sightings

Nomenclature