CVE-2006-6076: Buffer Overflow
First published: Fri Nov 24 2006(Updated: )
Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Broadcom ARCserve Backup | <=11.5 | |
| Broadcom ARCserve Backup | =11.1 | |
| Broadcom ARCserve Backup | =11.5-sp1 | |
| CA ARCserve Backup for Laptops and Desktops | =11 | |
| CA ARCserve Backup for Laptops and Desktops | =11.1 | |
| Broadcom BrightStor ARCServe Backup | =11.0 | |
| Broadcom BrightStor ARCServe Backup | =11.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050808.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050814.html
- http://secunia.com/advisories/23060
- http://secunia.com/advisories/24512
- http://securitytracker.com/id?1017268
- http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp
- http://www.kb.cert.org/vuls/id/437300
- http://www.securityfocus.com/archive/1/452222/100/0/threaded
- http://www.securityfocus.com/archive/1/452318/100/0/threaded
- http://www.securityfocus.com/archive/1/456711
- http://www.securityfocus.com/bid/21221
- http://www.vupen.com/english/advisories/2006/4654
- http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34817
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30453
Frequently Asked Questions
What is the severity of CVE-2006-6076?
CVE-2006-6076 has a high severity rating due to its potential for remote code execution.
How do I fix CVE-2006-6076?
To address CVE-2006-6076, it is recommended to upgrade to a version of CA BrightStor ARCserve Backup later than 11.5.
What systems are affected by CVE-2006-6076?
CVE-2006-6076 affects CA BrightStor ARCserve Backup versions 11.0 to 11.5 before any security updates.
What is the attack vector for CVE-2006-6076?
The attack vector for CVE-2006-6076 is via certain RPC requests sent to TCP port 6502.
Can CVE-2006-6076 be exploited remotely?
Yes, CVE-2006-6076 can be exploited remotely by attackers targeting the vulnerable software.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ca
- product/brightstor arcserve backup agent
- canonical/ca brightstor arcserve backup agent
- product/brightstor arcserve backup
- canonical/ca brightstor arcserve backup
- vendor/broadcom
- canonical/broadcom brightstor arcserve backup
- canonical/broadcom arcserve backup
- version/broadcom arcserve backup/11.5
- version/broadcom arcserve backup/11.1
- version/broadcom arcserve backup/11.5-sp1
- canonical/ca arcserve backup for laptops and desktops
- version/ca arcserve backup for laptops and desktops/11
- version/ca arcserve backup for laptops and desktops/11.1
- version/broadcom brightstor arcserve backup/11.0
- version/broadcom brightstor arcserve backup/11.1