Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.
Published 2006-10-10 04:06:00
Updated 2021-04-09 18:54:02
Source MITRE
View at NVD,   CVE.org
Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2006-5143

96.99%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2006-5143

  • CA BrightStor ARCserve Message Engine Heap Overflow
    Disclosure Date: 2006-10-05
    First seen: 2020-04-26
    exploit/windows/brightstor/message_engine_heap
    This module exploits a heap overflow in Computer Associates BrightStor ARCserve Backup 11.5. By sending a specially crafted RPC request, an attacker could overflow the buffer and execute arbitrary code. Authors: - MC <mc@metasploit.com>

CVSS scores for CVE-2006-5143

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.5
HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
NIST

CWE ids for CVE-2006-5143

  • The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2006-5143

Products affected by CVE-2006-5143

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!