cvelistv5 - CVE-2006-5143

CVE-2006-5143 (GCVE-0-2006-5143)

Vulnerability from cvelistv5

Published

2006-10-06 20:00

Modified

2024-08-07 19:41

Severity ?

CWE

Summary

Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.

References

►

URL

Tags

cve@mitre.org	http://secunia.com/advisories/22285	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1017003
cve@mitre.org	http://securitytracker.com/id?1017004
cve@mitre.org	http://securitytracker.com/id?1017005
cve@mitre.org	http://securitytracker.com/id?1017006
cve@mitre.org	http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp	Patch
cve@mitre.org	http://www.kb.cert.org/vuls/id/361792	US Government Resource
cve@mitre.org	http://www.kb.cert.org/vuls/id/860048	US Government Resource
cve@mitre.org	http://www.lssec.com/advisories/LS-20060220.pdf
cve@mitre.org	http://www.lssec.com/advisories/LS-20060313.pdf
cve@mitre.org	http://www.lssec.com/advisories/LS-20060330.pdf
cve@mitre.org	http://www.securityfocus.com/archive/1/447839/100/100/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/447847/100/200/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/447848/100/100/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/447862/100/100/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/447926/100/200/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/447927/100/200/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/447930/100/200/threaded
cve@mitre.org	http://www.securityfocus.com/bid/20365
cve@mitre.org	http://www.tippingpoint.com/security/advisories/TSRT-06-11.html	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3930	Vendor Advisory
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-06-030.html	Patch, Vendor Advisory
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-06-031.html	Vendor Advisory
cve@mitre.org	http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744
cve@mitre.org	http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744
cve@mitre.org	http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/29364
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22285	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017003
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017004
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017005
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017006
af854a3a-2127-422b-91ae-364da2661108	http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/361792	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/860048	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.lssec.com/advisories/LS-20060220.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.lssec.com/advisories/LS-20060313.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.lssec.com/advisories/LS-20060330.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447839/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447847/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447848/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447862/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447926/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447927/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447930/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20365
af854a3a-2127-422b-91ae-364da2661108	http://www.tippingpoint.com/security/advisories/TSRT-06-11.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3930	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-06-030.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-06-031.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744
af854a3a-2127-422b-91ae-364da2661108	http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744
af854a3a-2127-422b-91ae-364da2661108	http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/29364

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:41:05.212Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20061005 TSRT-06-11: CA Multiple Product DBASVR RPC Server Multiple Buffer Overflow Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447862/100/100/threaded"
          },
          {
            "name": "22285",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22285"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-031.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.lssec.com/advisories/LS-20060330.pdf"
          },
          {
            "name": "ca-dbasvr-rpc-bo(29364)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29364"
          },
          {
            "name": "20061007 LS-20060313 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447930/100/200/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.lssec.com/advisories/LS-20060313.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693"
          },
          {
            "name": "VU#361792",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/361792"
          },
          {
            "name": "20061007 LS-20060220 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447926/100/200/threaded"
          },
          {
            "name": "1017004",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017004"
          },
          {
            "name": "VU#860048",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/860048"
          },
          {
            "name": "ADV-2006-3930",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3930"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.lssec.com/advisories/LS-20060220.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775\u0026id=90744"
          },
          {
            "name": "20365",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20365"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-030.html"
          },
          {
            "name": "20061005 ZDI-06-030: CA Multiple Product Discovery Service Remote Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447847/100/200/threaded"
          },
          {
            "name": "20061007 LS-20060330 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447927/100/200/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-11.html"
          },
          {
            "name": "1017006",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017006"
          },
          {
            "name": "1017003",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017003"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397\u0026id=90744"
          },
          {
            "name": "1017005",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017005"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp"
          },
          {
            "name": "20061006 [CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447839/100/100/threaded"
          },
          {
            "name": "20061005 ZDI-06-031: CA Multiple Product Message Engine RPC Server Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447848/100/100/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20061005 TSRT-06-11: CA Multiple Product DBASVR RPC Server Multiple Buffer Overflow Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447862/100/100/threaded"
        },
        {
          "name": "22285",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22285"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-031.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.lssec.com/advisories/LS-20060330.pdf"
        },
        {
          "name": "ca-dbasvr-rpc-bo(29364)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29364"
        },
        {
          "name": "20061007 LS-20060313 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447930/100/200/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.lssec.com/advisories/LS-20060313.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693"
        },
        {
          "name": "VU#361792",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/361792"
        },
        {
          "name": "20061007 LS-20060220 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447926/100/200/threaded"
        },
        {
          "name": "1017004",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017004"
        },
        {
          "name": "VU#860048",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/860048"
        },
        {
          "name": "ADV-2006-3930",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3930"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.lssec.com/advisories/LS-20060220.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775\u0026id=90744"
        },
        {
          "name": "20365",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20365"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-030.html"
        },
        {
          "name": "20061005 ZDI-06-030: CA Multiple Product Discovery Service Remote Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447847/100/200/threaded"
        },
        {
          "name": "20061007 LS-20060330 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447927/100/200/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-11.html"
        },
        {
          "name": "1017006",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017006"
        },
        {
          "name": "1017003",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017003"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397\u0026id=90744"
        },
        {
          "name": "1017005",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017005"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp"
        },
        {
          "name": "20061006 [CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447839/100/100/threaded"
        },
        {
          "name": "20061005 ZDI-06-031: CA Multiple Product Message Engine RPC Server Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447848/100/100/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5143",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20061005 TSRT-06-11: CA Multiple Product DBASVR RPC Server Multiple Buffer Overflow Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447862/100/100/threaded"
            },
            {
              "name": "22285",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22285"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-031.html",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-031.html"
            },
            {
              "name": "http://www.lssec.com/advisories/LS-20060330.pdf",
              "refsource": "MISC",
              "url": "http://www.lssec.com/advisories/LS-20060330.pdf"
            },
            {
              "name": "ca-dbasvr-rpc-bo(29364)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29364"
            },
            {
              "name": "20061007 LS-20060313 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447930/100/200/threaded"
            },
            {
              "name": "http://www.lssec.com/advisories/LS-20060313.pdf",
              "refsource": "MISC",
              "url": "http://www.lssec.com/advisories/LS-20060313.pdf"
            },
            {
              "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693",
              "refsource": "CONFIRM",
              "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693"
            },
            {
              "name": "VU#361792",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/361792"
            },
            {
              "name": "20061007 LS-20060220 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447926/100/200/threaded"
            },
            {
              "name": "1017004",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017004"
            },
            {
              "name": "VU#860048",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/860048"
            },
            {
              "name": "ADV-2006-3930",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3930"
            },
            {
              "name": "http://www.lssec.com/advisories/LS-20060220.pdf",
              "refsource": "MISC",
              "url": "http://www.lssec.com/advisories/LS-20060220.pdf"
            },
            {
              "name": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775\u0026id=90744",
              "refsource": "CONFIRM",
              "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775\u0026id=90744"
            },
            {
              "name": "20365",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20365"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-030.html",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-030.html"
            },
            {
              "name": "20061005 ZDI-06-030: CA Multiple Product Discovery Service Remote Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447847/100/200/threaded"
            },
            {
              "name": "20061007 LS-20060330 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447927/100/200/threaded"
            },
            {
              "name": "http://www.tippingpoint.com/security/advisories/TSRT-06-11.html",
              "refsource": "MISC",
              "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-11.html"
            },
            {
              "name": "1017006",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017006"
            },
            {
              "name": "1017003",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017003"
            },
            {
              "name": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397\u0026id=90744",
              "refsource": "CONFIRM",
              "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397\u0026id=90744"
            },
            {
              "name": "1017005",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017005"
            },
            {
              "name": "http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp",
              "refsource": "CONFIRM",
              "url": "http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp"
            },
            {
              "name": "20061006 [CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447839/100/100/threaded"
            },
            {
              "name": "20061005 ZDI-06-031: CA Multiple Product Message Engine RPC Server Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447848/100/100/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5143",
    "datePublished": "2006-10-06T20:00:00",
    "dateReserved": "2006-10-02T00:00:00",
    "dateUpdated": "2024-08-07T19:41:05.212Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-5143\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-10-10T04:06:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer basado en mont\u00f3n en CA BrightStor ARCserve Backup r11.5 SP1 y anteriores, r11.1, y 9.01; BrightStor ARCServe Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; y Buisiness Protection Suite r2 permiten a un atacante remoto ejecutar c\u00f3digo de su elecci\u00f3n mediante datos manipulados en el puerto TCP 6071 para el Backup Agent RPC Server (DBASVR.exe) utilizando rutinas RPC con c\u00f3digos de operaci\u00f3n (opcode) (1) 0x01, (2) 0x02, y (3) 0x18; datos de cabo (stub) inv\u00e1lidos en el puerto TCP 6503 para las rutinas RPC con c\u00f3digos de operaci\u00f3n (4)0x2b o (5) 0x2d en ASCORE.dll en el Message Engine RPC Server (msgeng.exe); (6) un nombre de anfitri\u00f3n (hostname ) largo en el puerto TCP 41523 para ASBRDCST.DLL en el Discovery Service (casdscsvc.exe); o vectores no especificados relacionados con el (7) Job Engine Service.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:*:sp1:*:*:*:*:*:*\",\"versionEndIncluding\":\"11.5\",\"matchCriteriaId\":\"8745E951-E151-4EB6-86B4-4E8754ADEFE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E37161BE-6AF5-40E0-BD63-2C17431D8B36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78AA54EA-DAF1-4635-AA1B-E2E49C4BB597\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"328E1C42-488A-43FC-8DF2-758DC73B74AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8781759-7B4C-47C3-8A60-8CA5520360C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"6E236148-4A57-4FDC-A072-A77D3DD2DB53\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/22285\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017003\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1017004\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1017005\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1017006\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/361792\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/860048\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.lssec.com/advisories/LS-20060220.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.lssec.com/advisories/LS-20060313.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.lssec.com/advisories/LS-20060330.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/447839/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/447847/100/200/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/447848/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/447862/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/447926/100/200/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/447927/100/200/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/447930/100/200/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/20365\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.tippingpoint.com/security/advisories/TSRT-06-11.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3930\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-06-030.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-06-031.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775\u0026id=90744\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397\u0026id=90744\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/29364\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22285\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017003\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1017004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1017005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1017006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/361792\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/860048\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.lssec.com/advisories/LS-20060220.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.lssec.com/advisories/LS-20060313.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.lssec.com/advisories/LS-20060330.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/447839/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/447847/100/200/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/447848/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/447862/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/447926/100/200/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/447927/100/200/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/447930/100/200/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/20365\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.tippingpoint.com/security/advisories/TSRT-06-11.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3930\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-06-030.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-06-031.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775\u0026id=90744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397\u0026id=90744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/29364\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2006-5143

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-5143

Aliases

CVE-2006-5143

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-5143",
    "description": "Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.",
    "id": "GSD-2006-5143",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2006-5143"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-5143"
      ],
      "details": "Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.",
      "id": "GSD-2006-5143",
      "modified": "2023-12-13T01:19:56.075975Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-5143",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20061005 TSRT-06-11: CA Multiple Product DBASVR RPC Server Multiple Buffer Overflow Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/447862/100/100/threaded"
          },
          {
            "name": "22285",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22285"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-031.html",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-031.html"
          },
          {
            "name": "http://www.lssec.com/advisories/LS-20060330.pdf",
            "refsource": "MISC",
            "url": "http://www.lssec.com/advisories/LS-20060330.pdf"
          },
          {
            "name": "ca-dbasvr-rpc-bo(29364)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29364"
          },
          {
            "name": "20061007 LS-20060313 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/447930/100/200/threaded"
          },
          {
            "name": "http://www.lssec.com/advisories/LS-20060313.pdf",
            "refsource": "MISC",
            "url": "http://www.lssec.com/advisories/LS-20060313.pdf"
          },
          {
            "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693",
            "refsource": "CONFIRM",
            "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693"
          },
          {
            "name": "VU#361792",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/361792"
          },
          {
            "name": "20061007 LS-20060220 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/447926/100/200/threaded"
          },
          {
            "name": "1017004",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017004"
          },
          {
            "name": "VU#860048",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/860048"
          },
          {
            "name": "ADV-2006-3930",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3930"
          },
          {
            "name": "http://www.lssec.com/advisories/LS-20060220.pdf",
            "refsource": "MISC",
            "url": "http://www.lssec.com/advisories/LS-20060220.pdf"
          },
          {
            "name": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775\u0026id=90744",
            "refsource": "CONFIRM",
            "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775\u0026id=90744"
          },
          {
            "name": "20365",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/20365"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-030.html",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-030.html"
          },
          {
            "name": "20061005 ZDI-06-030: CA Multiple Product Discovery Service Remote Buffer Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/447847/100/200/threaded"
          },
          {
            "name": "20061007 LS-20060330 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/447927/100/200/threaded"
          },
          {
            "name": "http://www.tippingpoint.com/security/advisories/TSRT-06-11.html",
            "refsource": "MISC",
            "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-11.html"
          },
          {
            "name": "1017006",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017006"
          },
          {
            "name": "1017003",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017003"
          },
          {
            "name": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397\u0026id=90744",
            "refsource": "CONFIRM",
            "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397\u0026id=90744"
          },
          {
            "name": "1017005",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017005"
          },
          {
            "name": "http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp",
            "refsource": "CONFIRM",
            "url": "http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp"
          },
          {
            "name": "20061006 [CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/447839/100/100/threaded"
          },
          {
            "name": "20061005 ZDI-06-031: CA Multiple Product Message Engine RPC Server Code Execution Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/447848/100/100/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5143"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.tippingpoint.com/security/advisories/TSRT-06-11.html",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-11.html"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-030.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-030.html"
            },
            {
              "name": "http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-031.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-031.html"
            },
            {
              "name": "20365",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/20365"
            },
            {
              "name": "1017003",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017003"
            },
            {
              "name": "1017004",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017004"
            },
            {
              "name": "1017005",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017005"
            },
            {
              "name": "1017006",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017006"
            },
            {
              "name": "http://www.lssec.com/advisories/LS-20060220.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.lssec.com/advisories/LS-20060220.pdf"
            },
            {
              "name": "http://www.lssec.com/advisories/LS-20060313.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.lssec.com/advisories/LS-20060313.pdf"
            },
            {
              "name": "http://www.lssec.com/advisories/LS-20060330.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.lssec.com/advisories/LS-20060330.pdf"
            },
            {
              "name": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775\u0026id=90744",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775\u0026id=90744"
            },
            {
              "name": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397\u0026id=90744",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397\u0026id=90744"
            },
            {
              "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693"
            },
            {
              "name": "VU#361792",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/361792"
            },
            {
              "name": "VU#860048",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/860048"
            },
            {
              "name": "22285",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22285"
            },
            {
              "name": "ADV-2006-3930",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3930"
            },
            {
              "name": "ca-dbasvr-rpc-bo(29364)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29364"
            },
            {
              "name": "20061007 LS-20060313 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/447930/100/200/threaded"
            },
            {
              "name": "20061007 LS-20060330 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/447927/100/200/threaded"
            },
            {
              "name": "20061007 LS-20060220 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/447926/100/200/threaded"
            },
            {
              "name": "20061005 TSRT-06-11: CA Multiple Product DBASVR RPC Server Multiple Buffer Overflow Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/447862/100/100/threaded"
            },
            {
              "name": "20061005 ZDI-06-031: CA Multiple Product Message Engine RPC Server Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/447848/100/100/threaded"
            },
            {
              "name": "20061005 ZDI-06-030: CA Multiple Product Discovery Service Remote Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/447847/100/200/threaded"
            },
            {
              "name": "20061006 [CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/447839/100/100/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-04-09T18:54Z",
      "publishedDate": "2006-10-10T04:06Z"
    }
  }
}

ghsa-cmcj-pm23-xgh6

Vulnerability from github

Published

2022-05-01 07:25

Modified

2022-05-01 07:25

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-5143"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-10-10T04:06:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.",
  "id": "GHSA-cmcj-pm23-xgh6",
  "modified": "2022-05-01T07:25:23Z",
  "published": "2022-05-01T07:25:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5143"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29364"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22285"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017003"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017004"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017005"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017006"
    },
    {
      "type": "WEB",
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/361792"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/860048"
    },
    {
      "type": "WEB",
      "url": "http://www.lssec.com/advisories/LS-20060220.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.lssec.com/advisories/LS-20060313.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.lssec.com/advisories/LS-20060330.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/447839/100/100/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/447847/100/200/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/447848/100/100/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/447862/100/100/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/447926/100/200/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/447927/100/200/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/447930/100/200/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/20365"
    },
    {
      "type": "WEB",
      "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-11.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3930"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-030.html"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-031.html"
    },
    {
      "type": "WEB",
      "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775\u0026id=90744"
    },
    {
      "type": "WEB",
      "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397\u0026id=90744"
    },
    {
      "type": "WEB",
      "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2006-5143

Vulnerability from fkie_nvd

Published

2006-10-10 04:06

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/22285	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1017003
cve@mitre.org	http://securitytracker.com/id?1017004
cve@mitre.org	http://securitytracker.com/id?1017005
cve@mitre.org	http://securitytracker.com/id?1017006
cve@mitre.org	http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp	Patch
cve@mitre.org	http://www.kb.cert.org/vuls/id/361792	US Government Resource
cve@mitre.org	http://www.kb.cert.org/vuls/id/860048	US Government Resource
cve@mitre.org	http://www.lssec.com/advisories/LS-20060220.pdf
cve@mitre.org	http://www.lssec.com/advisories/LS-20060313.pdf
cve@mitre.org	http://www.lssec.com/advisories/LS-20060330.pdf
cve@mitre.org	http://www.securityfocus.com/archive/1/447839/100/100/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/447847/100/200/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/447848/100/100/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/447862/100/100/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/447926/100/200/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/447927/100/200/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/447930/100/200/threaded
cve@mitre.org	http://www.securityfocus.com/bid/20365
cve@mitre.org	http://www.tippingpoint.com/security/advisories/TSRT-06-11.html	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3930	Vendor Advisory
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-06-030.html	Patch, Vendor Advisory
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-06-031.html	Vendor Advisory
cve@mitre.org	http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744
cve@mitre.org	http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744
cve@mitre.org	http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/29364
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22285	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017003
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017004
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017005
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017006
af854a3a-2127-422b-91ae-364da2661108	http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/361792	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/860048	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.lssec.com/advisories/LS-20060220.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.lssec.com/advisories/LS-20060313.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.lssec.com/advisories/LS-20060330.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447839/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447847/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447848/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447862/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447926/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447927/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447930/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20365
af854a3a-2127-422b-91ae-364da2661108	http://www.tippingpoint.com/security/advisories/TSRT-06-11.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3930	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-06-030.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-06-031.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775&id=90744
af854a3a-2127-422b-91ae-364da2661108	http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397&id=90744
af854a3a-2127-422b-91ae-364da2661108	http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/29364

Impacted products

Vendor	Product	Version
broadcom	brightstor_arcserve_backup	*
broadcom	brightstor_arcserve_backup	9.01
broadcom	brightstor_arcserve_backup	11.1
broadcom	brightstor_enterprise_backup	10.5
broadcom	business_protection_suite	2.0
broadcom	server_protection_suite	2
ca	brightstor_arcserve_backup	11

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "8745E951-E151-4EB6-86B4-4E8754ADEFE8",
              "versionEndIncluding": "11.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "78AA54EA-DAF1-4635-AA1B-E2E49C4BB597",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "328E1C42-488A-43FC-8DF2-758DC73B74AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8781759-7B4C-47C3-8A60-8CA5520360C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*",
              "matchCriteriaId": "6E236148-4A57-4FDC-A072-A77D3DD2DB53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer basado en mont\u00f3n en CA BrightStor ARCserve Backup r11.5 SP1 y anteriores, r11.1, y 9.01; BrightStor ARCServe Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; y Buisiness Protection Suite r2 permiten a un atacante remoto ejecutar c\u00f3digo de su elecci\u00f3n mediante datos manipulados en el puerto TCP 6071 para el Backup Agent RPC Server (DBASVR.exe) utilizando rutinas RPC con c\u00f3digos de operaci\u00f3n (opcode) (1) 0x01, (2) 0x02, y (3) 0x18; datos de cabo (stub) inv\u00e1lidos en el puerto TCP 6503 para las rutinas RPC con c\u00f3digos de operaci\u00f3n (4)0x2b o (5) 0x2d en ASCORE.dll en el Message Engine RPC Server (msgeng.exe); (6) un nombre de anfitri\u00f3n (hostname ) largo en el puerto TCP 41523 para ASBRDCST.DLL en el Discovery Service (casdscsvc.exe); o vectores no especificados relacionados con el (7) Job Engine Service."
    }
  ],
  "id": "CVE-2006-5143",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-10-10T04:06:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22285"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017003"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017004"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017005"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017006"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/361792"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/860048"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.lssec.com/advisories/LS-20060220.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.lssec.com/advisories/LS-20060313.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.lssec.com/advisories/LS-20060330.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/447839/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/447847/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/447848/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/447862/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/447926/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/447927/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/447930/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/20365"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-11.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3930"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-030.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-031.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775\u0026id=90744"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397\u0026id=90744"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29364"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/361792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/860048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.lssec.com/advisories/LS-20060220.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.lssec.com/advisories/LS-20060313.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.lssec.com/advisories/LS-20060330.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/447839/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/447847/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/447848/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/447862/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/447926/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/447927/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/447930/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-11.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3930"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=93775\u0026id=90744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?pid=94397\u0026id=90744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29364"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-5143 (GCVE-0-2006-5143)

Vulnerability from cvelistv5

gsd-2006-5143

Vulnerability from gsd

ghsa-cmcj-pm23-xgh6

Vulnerability from github

fkie_cve-2006-5143

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature