Vulnerability Details : CVE-2006-6076
Public exploit exists!
Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2006-6076
- cpe:2.3:a:ca:brightstor_arcserve_backup:11.1:*:windows:*:*:*:*:*
- cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*
- cpe:2.3:a:ca:brightstor_arcserve_backup_agent:11.1:*:sql:*:*:*:*:*
- cpe:2.3:a:ca:brightstor_arcserve_backup_agent:11.0:*:sql:*:*:*:*:*
- cpe:2.3:a:broadcom:brightstor_arcserve_backup:*:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:sp1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-6076
- 78.58%: Probability of exploitation activity in the next 30 days
- ~ 98 %: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2006-6076
- CA BrightStor ARCserve Tape Engine Buffer Overflow
  Disclosure Date: 2006-11-21
  First seen: 2020-04-26
  exploit/windows/brightstor/tape_engine
  This module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup r11.1 - r11.5. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.
  Authors: MC <mc@metasploit.com>, aus
CVSS scores for CVE-2006-6076
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
References for CVE-2006-6076
- http://www.securityfocus.com/archive/1/452222/100/0/threaded
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050814.html
- http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30453
- http://www.securityfocus.com/bid/21221
  Computer Associates BrightStor ARCserve Backup Tape Engine Remote Buffer Overflow Vulnerability
- http://www.kb.cert.org/vuls/id/437300
  US Government Resource
- http://securitytracker.com/id?1017268
- http://www.vupen.com/english/advisories/2006/4654
- http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp
- http://www.securityfocus.com/archive/1/456711
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34817
- http://www.securityfocus.com/archive/1/452318/100/0/threaded
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050808.html