Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-5143

CWE-119: Buffer Overflow | 7 documents | 4 sources
Severity: 7.5 HIGH
EPSS: 84.6% (top 0.67%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline
Published: Oct 10
Latest update: May 1

Description

Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-cmcj-pm23-xgh6: Multiple buffer overflows in CA BrightStor ARCserve Backup r11 | 2022-05-01
CVEList
CVE-2006-5143: Multiple buffer overflows in CA BrightStor ARCserve Backup r11 | 2006-10-06

💥 Exploits & PoCs (4)

Exploit-DB
CA BrightStor ARCserve - Message Engine Heap Overflow (Metasploit) | 2010-04-30
Exploit-DB
CA BrightStor ARCserve - 'msgeng.exe' Remote Stack Overflow | 2007-03-16
Exploit-DB
Computer Associates Products Message Engine RPC Server - Multiple Buffer Overflow Vulnerabilities (1) | 2006-10-05
Exploit-DB
Computer Associates Products Message Engine RPC Server - Multiple Buffer Overflow Vulnerabilities (2) | 2006-10-05