Vulnerability Details : CVE-2007-2139
Public exploit exists!
Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.
Vulnerability category: Execute code
Products affected by CVE-2007-2139
- cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*
- cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_sbs_premium:*:*:*:*:*
- cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_sbs_standard:*:*:*:*:*
- cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:sp2:*:*:*:*:*:*
- cpe:2.3:a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-2139
94.63%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2007-2139
-
CA BrightStor ArcServe Media Service Stack Buffer Overflow
Disclosure Date: 2007-04-25First seen: 2020-04-26exploit/windows/brightstor/mediasrv_sunrpcThis exploit targets a stack buffer overflow in the MediaSrv RPC service of CA BrightStor ARCserve. By sending a specially crafted SUNRPC request, an attacker can overflow a stack buffer and execute arbitrary code. Authors: - toto
CVSS scores for CVE-2007-2139
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2007-2139
-
http://www.zerodayinitiative.com/advisories/ZDI-07-022.html
-
http://www.securitytracker.com/id?1017952
-
http://www.kb.cert.org/vuls/id/979825
US Government Resource
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/33854
-
http://securityreason.com/securityalert/2628
-
http://www.securityfocus.com/bid/23635
Computer Associates BrightStor ArcServe Media Server Multiple Remote Buffer Overflow VulnerabilitiesPatch
-
http://www.securityfocus.com/archive/1/466790/100/0/threaded
-
http://www.vupen.com/english/advisories/2007/1529
-
http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp
Jump to