CVE-2006-5172: Buffer Overflow
First published: Tue Jan 16 2007(Updated: )
Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5171.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CA Protection Suites | =r2 | |
| Broadcom BrightStor ARCServe Backup | <=11.5 | |
| Broadcom BrightStor ARCServe Backup | =9.01 | |
| Broadcom BrightStor Enterprise Backup | =10.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp
- http://www.iss.net/threats/253.html
- http://www.securityfocus.com/bid/22016
- http://secunia.com/advisories/23648
- http://securitytracker.com/id?1017506
- http://www.securityfocus.com/archive/1/456711
- http://osvdb.org/31320
- http://www.vupen.com/english/advisories/2007/0154
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29344
Frequently Asked Questions
What is the severity of CVE-2006-5172?
CVE-2006-5172 is considered to have a high severity due to the potential for remote code execution.
How do I fix CVE-2006-5172?
To fix CVE-2006-5172, update to a patched version of CA Brightstor ARCserve Backup or CA Protection Suites that addresses this vulnerability.
What systems are affected by CVE-2006-5172?
CVE-2006-5172 affects CA Brightstor ARCserve Backup versions 9.01 to 11.5, CA Protection Suites r2, and Broadcom BrightStor Enterprise Backup 10.5.
What type of attack does CVE-2006-5172 enable?
CVE-2006-5172 enables remote attackers to execute arbitrary code on affected systems through crafted SUNRPC packets.
When was CVE-2006-5172 disclosed?
CVE-2006-5172 was disclosed in September 2006.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/ca
- product/protection suites
- canonical/ca protection suites
- vendor/broadcom
- product/brightstor arcserve backup
- canonical/broadcom brightstor arcserve backup
- product/brightstor enterprise backup
- canonical/broadcom brightstor enterprise backup
- agent/software-canonical-lookup-request
- collector/nvd-index
- version/ca protection suites/r2
- canonical/brightstor arcserve backup
- version/brightstor arcserve backup/11.5
- version/brightstor arcserve backup/9.01
- version/broadcom brightstor enterprise backup/10.5