CVE-2007-5082 : Multiple stack-based buffer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r

Multiple stack-based buffer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands with certain opcodes, related to missing validation of a length parameter.

Published 2007-10-01 20:17:00

Updated 2021-04-07 18:20:00

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2007-5082

Probability of exploitation activity in the next 30 days: 80.95%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2007-5082

CA BrightStor HSM Buffer Overflow

Disclosure Date: 2007-09-27

First seen: 2020-04-26

exploit/windows/brightstor/hsmserver

This module exploits one of the multiple stack buffer overflows in Computer Associates BrightStor HSM. By sending a specially crafted request, an attacker could overflow the buffer and execute arbitrary code. Authors: - toto

More information

CVSS scores for CVE-2007-5082

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2007-5082

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-5082

http://securitytracker.com/id?1018747

CVEs referencing this url
http://www.securityfocus.com/bid/25823

Computer Associates BrightStor Hierarchical Storage Manager CsAgent Multiple Remote Vulnerabilities

CVEs referencing this url
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=601

CVEs referencing this url
http://supportconnectw.ca.com/public/bstorhsm/infodocs/bstorhsm-secnot.asp

Patch

CVEs referencing this url
http://dvlabs.tippingpoint.com/advisory/TPTI-07-16
https://exchange.xforce.ibmcloud.com/vulnerabilities/36825
http://www.securityfocus.com/archive/1/480808/100/0/threaded

CVEs referencing this url
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35690

Patch
http://www.vupen.com/english/advisories/2007/3275

Vendor Advisory

CVEs referencing this url

Products affected by CVE-2007-5082

Broadcom » Brightstor Hierarchical Storage Manager » Version: 11.5
cpe:2.3:a:broadcom:brightstor_hierarchical_storage_manager:11.5:*:*:*:*:*:*:*
Matching versions