CVE-2006-6917 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-6917
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-6917

Description: Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.

CVE Status: Candidate

References: MISC http://supportconnectw.ca.com/public/storage/infodocs/basbrtapeeng-secnotice.asp http://www.lssec.com/advisories/LS-20061001.pdf http://www.lssec.com/advisories/LS-20060908.pdf MILW0RM http://milw0rm.com/exploits/3086 CONFIRM http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97428 http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34959 BUGTRAQ http://www.securityfocus.com/archive/1/456711 http://www.securityfocus.com/archive/1/archive/1/456428/100/0/threaded http://www.securityfocus.com/archive/1/454094/30/360/threaded http://www.securityfocus.com/archive/1/453933/30/420/threaded http://www.securityfocus.com/archive/1/453930/30/390/threaded

Return to the previous page.