Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2139

4 documents4 sources

Severity

10.0CRITICAL

EPSS

84.7%

top 0.66%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom Brightstor Arcserve Backup Broadcom Business Protection Suite Broadcom Server Protection Suite +2 more

Timeline

PublishedApr 25

Latest updateMay 1

Description

Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

▶NVDca/brightstor_arcserve_backup11

▶NVDbroadcom/brightstor_arcserve_backup11.1, 11.5, 9.01+2

▶NVDbroadcom/server_protection_suite2

▶NVDca/business_protection_suite2.0

▶NVDbroadcom/business_protection_suite2.0

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-4jcc-qmqj-6p2x: Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightS↗2022-05-01

▶

CVEList

CVE-2007-2139: Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightS↗2007-04-25

▶

💥Exploits & PoCs

Exploit-DB

CA BrightStor ArcServe - Media Service Stack Buffer Overflow (Metasploit)↗2010-06-22

▶