CyberSec.Space Logo
Back to CVE Browser

CVE-2007-2139

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0750%
EPSS Percentile24.69th
PublishedApr 25, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.

Affected Platforms (CPE)

πŸ“¦
Broadcom

Brightstor Arcserve Backup

= 9.01
πŸ“¦
Broadcom

Brightstor Arcserve Backup

= 11.1
πŸ“¦
Broadcom

Brightstor Arcserve Backup

= 11.5
πŸ“¦
Broadcom

Business Protection Suite

= 2.0
πŸ“¦
Broadcom

Server Protection Suite

= 2
πŸ“¦
Ca

Brightstor Arcserve Backup

= 11
πŸ“¦
Ca

Business Protection Suite

= 2.0
πŸ“¦
Ca

Business Protection Suite

= 2.0

References & Advisories

πŸ”— http://osvdb.org/35326
πŸ”— http://secunia.com/advisories/24972
πŸ”— http://securityreason.com/securityalert/2628
πŸ”— http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp
πŸ”— http://www.kb.cert.org/vuls/id/979825
πŸ”— http://www.securityfocus.com/archive/1/466790/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/23635
πŸ”— http://www.securitytracker.com/id?1017952

Related Vulnerabilities

CVE-2005-026010.0

Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to ex...

CVE-2006-607610.0

Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier ...

CVE-2005-169310.0

Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, e...

CVE-2006-691710.0

Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers t...