製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の CA 製品におけるバッファオーバーフローの脆弱性

Title	複数の CA 製品におけるバッファオーバーフローの脆弱性
Summary	Computer Associates (CA) BrightStor ARCserve Backup、Enterprise Backup および CA Server/Business Protection Suite には、バッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者により、以下の opnum への巧妙に細工されたデータを伴う RPC リクエストを介して、任意のコードを実行される可能性があります。 (1) Message Engine RPC サービス内の opnum 0x2F (2) Message Engine RPC サービス内の opnum 0x75 (3) Tape Engine サービス内の opnum 0xCF
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Jan. 11, 2007, midnight
Registration Date	June 26, 2012, 3:45 p.m.
Last Update	June 26, 2012, 3:45 p.m.

Affected System

CA Technologies

BrightStor ARCserve Backup 9.01 から 11.5

BrightStor Enterprise Backup 10.5

CA Business Protection Suite r2

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-0169	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0169
National Vulnerability Database (NVD)
2	CVE-2007-0169	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0169

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
CA
1	Important Security Notice for CA ARCserve Backup	http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp

その他

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-0169

Summary	Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.
Publication Date	Jan. 12, 2007, 7:28 a.m.
Registration Date	Jan. 29, 2021, 2:04 p.m.
Last Update	April 8, 2021, 3:53 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:::::::*
cpe:2.3:a:broadcom:brightstor_arcserve_backup::::::::		11.5
cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:::::::*
cpe:2.3:a:broadcom:business_protection_suite:2.0:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=467	IDEFENSE
2	http://osvdb.org/31327	OSVDB
3	http://secunia.com/advisories/23648	SECUNIA	Vendor Advisory
4	http://securitytracker.com/id?1017506	SECTRACK
5	http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp	CONFIRM	Patch
6	http://www.kb.cert.org/vuls/id/151032	CERT-VN	US Government Resource
7	http://www.kb.cert.org/vuls/id/180336	CERT-VN	US Government Resource
8	http://www.securityfocus.com/archive/1/456618/100/0/threaded	BUGTRAQ
9	http://www.securityfocus.com/archive/1/456619/100/0/threaded	BUGTRAQ
10	http://www.securityfocus.com/archive/1/456711	BUGTRAQ
11	http://www.securityfocus.com/bid/22005	BID
12	http://www.securityfocus.com/bid/22006	BID
13	http://www.vupen.com/english/advisories/2007/0154	VUPEN	Vendor Advisory
14	http://www.zerodayinitiative.com/advisories/ZDI-07-003.html	MISC	Exploit
15	http://www.zerodayinitiative.com/advisories/ZDI-07-004.html	MISC	Exploit
16	https://exchange.xforce.ibmcloud.com/vulnerabilities/31433	XF
17	https://exchange.xforce.ibmcloud.com/vulnerabilities/31443	XF

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html