[CLOSE] OSVDB ID : 41373 - Disclosed: 2007-10-11

Description:

(Description Provided by CVE) : The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to (1) execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and (2) trigger memory corruption related to the use of "handle" RPC arguments as pointers.

[CLOSE] OSVDB ID : 41367 - Disclosed: 2007-10-11

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, have unknown impact and attack vectors related to memory corruption.

[CLOSE] OSVDB ID : 35327 - Disclosed: 2007-05-17

Description:

(Description Provided by CVE) : (1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet.

[CLOSE] OSVDB ID : 29580 - Disclosed: 2006-10-05

Description:

(Description Provided by CVE) : Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 client and server allows remote attackers to execute arbitrary code via long messages to the CheyenneDS Mailslot.

[CLOSE] OSVDB ID : 41372 - Disclosed: 2007-10-11

Description:

(Description Provided by CVE) : Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption.

[CLOSE] OSVDB ID : 13613 - Disclosed: 2004-12-20

Description:

A remote overflow exists in BrightStor ARCserve Backup. The discovery service fails to properly check buffer boundries resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 44562 - Disclosed: 2008-04-17

Description:

(Description Provided by CVE) : The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read.

[CLOSE] OSVDB ID : 30775 - Disclosed: 2006-12-08

Description:

(Description Provided by CVE) : Buffer overflow in the BrightStor Backup Discovery Service in multiple CA products, including ARCserve Backup r11.5 SP1 and earlier, ARCserve Backup 9.01 up to 11.1, Enterprise Backup 10.5, and CA Server Protection Suite r2, allows remote attackers to execute arbitrary code via unspecified vectors.

[CLOSE] OSVDB ID : 13814 - Disclosed: 2005-02-12

Description:

A buffer overflow exists in ARCserve Backup. The Discovery Service fails to validate packets received on TCP port 41523 resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 47545 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Integer underflow in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Laptops and Desktops 11.0 through 11.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted message that triggers a buffer overflow.

[CLOSE] OSVDB ID : 44320 - Disclosed: 2008-04-03

Description:

(Description Provided by CVE) : Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments."

[CLOSE] OSVDB ID : 32948 - Disclosed: 2007-01-24

Description:

(Description Provided by CVE) : LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops r11.1 allows remote attackers to cause a denial of service (daemon crash) via a value of 0xFFFFFFFF at a certain point in an authentication negotiation packet, which results in an out-of-bounds read.

[CLOSE] OSVDB ID : 41351 - Disclosed: 2007-09-20

Description:

(Description Provided by CVE) : Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores.

[CLOSE] OSVDB ID : 35329 - Disclosed: 2007-09-20

Description:

Multiple buffer overflows exist in ARCserve Backup for Laptops & Desktops. The LGServer fails to validate data passed to multiple parameters resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 44328 - Disclosed: 2008-04-04

Description:

(Description Provided by CVE) : Unspecified vulnerability in the NetBackup service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary commands, related to "insufficient verification of file uploads."

[CLOSE] OSVDB ID : 41353 - Disclosed: 2007-09-20

Description:

Multiple buffer overflows exists in ARCserve Backup for Laptops & Desktops. The LGServer fails to validate username and password parameters passed to the rxrLogin command and username parameters passed to the GetUserInfo function, resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 41350 - Disclosed: 2007-09-20

Description:

(Description Provided by CVE) : Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command.

[CLOSE] OSVDB ID : 42323 - Disclosed: 2008-02-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 41352 - Disclosed: 2007-09-20

Description:

(Description Provided by CVE) : Integer overflow in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to execute arbitrary code via a long username and a certain "useless" password.

[CLOSE] OSVDB ID : 35326 - Disclosed: 2007-04-24

Description:

A buffer overflow exists in ARCserve Backup. The Media Server fails to validate SUN RPC requests resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 41366 - Disclosed: 2007-10-11

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, have unknown impact and attack vectors related to memory corruption.

[CLOSE] OSVDB ID : 35328 - Disclosed: 2007-05-17

Description:

(Description Provided by CVE) : (1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet.

[CLOSE] OSVDB ID : 31319 - Disclosed: 2007-01-11

Description:

(Description Provided by CVE) : Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172.

[CLOSE] OSVDB ID : 34126 - Disclosed: 2007-03-30

Description:

(Description Provided by CVE) : The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.

[CLOSE] OSVDB ID : 31320 - Disclosed: 2007-01-11

Description:

(Description Provided by CVE) : Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5171.

[CLOSE] OSVDB ID : 41369 - Disclosed: 2007-10-11

Description:

(Description Provided by CVE) : Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x10d opnum.

[CLOSE] OSVDB ID : 68329 - Disclosed: 2010-10-04

Description:

ARCServe Backup is prone to an overflow condition. The Message Engine fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted DCERPC request for opcode 0x72, a remote attacker can potentially cause arbitrary code execution.

[CLOSE] OSVDB ID : 57055 - Disclosed: 2007-10-11

Description:

(Description Provided by CVE) : Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.

[CLOSE] OSVDB ID : 29533 - Disclosed: 2006-10-05

Description:

A buffer overflow exists in ARCserve Backup. The Message Engine fails to validate received over the RPC interface resulting in a heap overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 41370 - Disclosed: 2007-10-10

Description:

(Description Provided by CVE) : The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" to modify the file system and registry, aka "Privileged function exposure."