CVE-2006-5171
Published 2007-01-16
Priority: P352 · critical · CVSS 2.0: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 16.43% (96.6th percentile)
Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| broadcom | brightstor_arcserve_backup | <= 11.5 | — |
| broadcom | brightstor_arcserve_backup | — | — |
| broadcom | brightstor_arcserve_backup | — | — |
| broadcom | brightstor_arcserve_backup | — | — |
| broadcom | brightstor_enterprise_backup | — | — |
| broadcom | business_protection_suite | — | — |
| broadcom | server_protection_suite | — | — |
| ca | brightstor_arcserve_backup | — | — |
| ca | business_protection_suite | — | — |
| ca | protection_suites | — | — |
GHSA
GHSA-mj9m-qq8f-v3w3: Stack-based buffer overflow in the RPC interface in Mediasvr
ghsa_unreviewed·2022-05-01·CVSS 10.0
CVE-2006-5171 [CRITICAL] GHSA-mj9m-qq8f-v3w3: Stack-based buffer overflow in the RPC interface in Mediasvr
Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172.
GHSA
GHSA-4jcc-qmqj-6p2x: Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightS
ghsa_unreviewed·2022-05-01·CVSS 10.0
CVE-2007-2139 [CRITICAL] GHSA-4jcc-qmqj-6p2x: Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightS
Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.
GHSA
GHSA-j994-cw63-pgjf: Stack-based buffer overflow in the RPC interface in Mediasvr
ghsa_unreviewed·2022-05-01·CVSS 10.0
CVE-2006-5172 [CRITICAL] GHSA-j994-cw63-pgjf: Stack-based buffer overflow in the RPC interface in Mediasvr
Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5171.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/31319
http://secunia.com/advisories/23648
http://securitytracker.com/id?1017506
http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp
http://www.iss.net/threats/252.html
http://www.securityfocus.com/archive/1/456711
http://www.securityfocus.com/bid/22015
http://www.vupen.com/english/advisories/2007/0154
https://exchange.xforce.ibmcloud.com/vulnerabilities/29343