CVE-2007-0672 - Vulnerability Details - OpenCVE

LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom	Brightstor Arcserve Backup Laptops Desktops Business Protection Suite Desktop Management Suite Desktop Protection Suite
Ca	Business Protection Suite

Configuration 1 [-]

OR	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:::::::*
	cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1::::::
	cpe:2.3:a:broadcom:business_protection_suite:2.0:::::::*
	cpe:2.3:a:broadcom:desktop_management_suite:11.0:::::::*
	cpe:2.3:a:broadcom:desktop_management_suite:11.1:::::::*
	cpe:2.3:a:broadcom:desktop_protection_suite:2.0:::::::*
	cpe:2.3:a:ca:business_protection_suite:2.0::microsoft_sbs_premium:::::
	cpe:2.3:a:ca:business_protection_suite:2.0::microsoft_sbs_standard:::::

No data.

References

Link	Providers
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp
http://www.securityfocus.com/archive/1/458653/100/0/threaded
http://www.securityfocus.com/bid/22339

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-03T01:00:00

Updated: 2024-08-07T12:26:54.307Z

Reserved: 2007-02-02T00:00:00

Link: CVE-2007-0672

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-02-03T01:28:00.000

Modified: 2024-11-21T00:26:27.470

Link: CVE-2007-0672

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-31T00:00:00", "descriptions": [{"lang": "en", "value": "LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\\Server\\data\\transfer\\."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070131 Remote Unauthenticated Resource Exhaustion CA Mobile BackupService", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/458653/100/0/threaded"}, {"name": "22339", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22339"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0672", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\\Server\\data\\transfer\\."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070131 Remote Unauthenticated Resource Exhaustion CA Mobile BackupService", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/458653/100/0/threaded"}, {"name": "22339", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22339"}, {"name": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp", "refsource": "CONFIRM", "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:26:54.307Z"}, "title": "CVE Program Container", "references": [{"name": "20070131 Remote Unauthenticated Resource Exhaustion CA Mobile BackupService", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/458653/100/0/threaded"}, {"name": "22339", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22339"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0672", "datePublished": "2007-02-03T01:00:00", "dateReserved": "2007-02-02T00:00:00", "dateUpdated": "2024-08-07T12:26:54.307Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "4FB993B2-9A44-40E2-AA05-0CAD04BDC26D", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7461AE5-2067-4964-93B7-560CD02CEAC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "9DAE8E8B-7FD6-43CB-B07A-6D3B31E94DC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "328E1C42-488A-43FC-8DF2-758DC73B74AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:desktop_management_suite:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "237F2346-0B9B-4CE8-8EF9-813CB3F1BC1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:desktop_management_suite:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "22268F99-2F38-481D-A0CC-B1FC96FDB953", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:desktop_protection_suite:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DB698F99-FC87-4D59-9E01-3CE7A57FE0E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_sbs_premium:*:*:*:*:*", "matchCriteriaId": "2429EE00-5359-4C47-A634-8DBC57253266", "vulnerable": true}, {"criteria": "cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_sbs_standard:*:*:*:*:*", "matchCriteriaId": "F33EE596-0901-4A13-BAA1-1A7C7C16AD27", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\\Server\\data\\transfer\\."}, {"lang": "es", "value": "LGSERVER.EXE de BrightStor Mobile Backup 4.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de disco y colapso de demonio) mediante un valor 0xFFFFFF7F en un punto concreto en un paquete de negociaci\u00f3n de autenticaci\u00f3n, que escribe una cantidad grade de datos a un fichero . USX en CA_BABLDdata\\Server\\data\\transfer\\."}], "id": "CVE-2007-0672", "lastModified": "2024-11-21T00:26:27.470", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-03T01:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/458653/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/22339"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/458653/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/22339"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}