CVE-2007-4620

Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679
http://secunia.com/advisories/29665
http://securityreason.com/securityalert/3799
http://www.securityfocus.com/archive/1/490466/100/0/threaded
http://www.securityfocus.com/bid/28605
http://www.securitytracker.com/id?1019789
http://www.securitytracker.com/id?1019790
http://www.vupen.com/english/advisories/2008/1103/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41639
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:::::::*
	cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:::::::*
	cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8.1:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:::::::*
	cpe:2.3:a:ca:brightstor_arcserve_backup:11::windows:::::
	cpe:2.3:a:ca:threat_manager_for_the_enterprise:r8:::::::*
	cpe:2.3:a:ca:threat_manager_for_the_enterprise:r8.1:::::::*

History

No history.

Information

Published : 2008-04-07 18:44

Updated : 2024-02-28 11:21

NVD link : CVE-2007-4620

Mitre link : CVE-2007-4620

CVE.ORG link : CVE-2007-4620

JSON object : View

Products Affected

ca

brightstor_arcserve_backup
threat_manager_for_the_enterprise

broadcom

brightstor_arcserve_backup
anti-virus_for_the_enterprise

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2007-4620", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-04-07T18:44:00.000", "references": [{"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2008/04/04/ca-alert-notification-server-multiple-vulnerabilities.aspx", "source": "cve@mitre.org"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29665", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3799", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/490466/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28605", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1019789", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1019790", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1103/references", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41639", "source": "cve@mitre.org"}, {"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de buffer basados en pila del servicio Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0 y 7.1.758.0, usado en varios productos CA incluyendo Anti-Virus para la versi\u00f3n Enterprise 7.1 a la r11.1 y Threat Manager para la versi\u00f3n Enterprise 8.1 y r8, permiten a usuarios autenticados ejecutar c\u00f3digo de su elecci\u00f3n mediante peticiones RPC manipuladas."}], "lastModified": "2021-04-07T18:14:16.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "607CCBDA-7288-4496-A7ED-EF6DED40CA21"}, {"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6B76576-ABB1-439E-80B0-0B5AAE14BA45"}, {"criteria": "cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE175BB8-DF9B-4DA0-AD2F-885CC13BB812"}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36"}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "477EE032-D183-478F-A2BF-6165277A7414"}, {"criteria": "cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E236148-4A57-4FDC-A072-A77D3DD2DB53"}, {"criteria": "cpe:2.3:a:ca:threat_manager_for_the_enterprise:r8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E7E12A7-F92F-47E3-B810-4019FD885B60"}, {"criteria": "cpe:2.3:a:ca:threat_manager_for_the_enterprise:r8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72342377-2084-41CB-82BF-ADEEB45BFA4E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}