{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"CA Server Protection Suite r2 ;","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}},{"description":"BrightStor Enterprise Backup r10.5 ;","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}},{"description":"CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;","product":{"name":"Small Business","vendor":{"name":"Cisco","scada":false}}},{"description":"BrightStor ARCserve Backup r11.5 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"BrightStor ARCserve Backup r11 for Windows ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"BrightStor ARCserve Backup r9.01 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2.","product":{"name":"Small Business","vendor":{"name":"Cisco","scada":false}}},{"description":"BrightStor ARCserve Backup r11.1 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"CA Business Protection Suite r2 ;","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nQuatre vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans BrightStor ARCserve :\n\n-   un d\u00e9bordement de tampon possible dans le service Tape Engine qui\n    permet l'ex\u00e9cution de code arbitraire ;\n-   une corruption de m\u00e9moire dans le traitement de proc\u00e9dures RPC par\n    le service Tape Engine qui cause un d\u00e9ni de service et\n    potentiellement l'ex\u00e9cution de code arbitraire ;\n-   un mauvais traitement de param\u00e8tres par le service catirpc.dll qui\n    permet \u00e0 un attaquant d'envoyer des requ\u00eates malform\u00e9es pour causer\n    un d\u00e9ni de service ;\n-   une fonction RPC, pouvant \u00eatre appel\u00e9e par une personne\n    malintentionn\u00e9e distante, qui \u00e9teint le service Tape Engine.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2006-6076","url":"https://www.cve.org/CVERecord?id=CVE-2006-6076"},{"name":"CVE-2007-0816","url":"https://www.cve.org/CVERecord?id=CVE-2007-0816"},{"name":"CVE-2007-1447","url":"https://www.cve.org/CVERecord?id=CVE-2007-1447"},{"name":"CVE-2007-1448","url":"https://www.cve.org/CVERecord?id=CVE-2007-1448"}],"links":[],"reference":"CERTA-2007-AVI-133","revisions":[{"description":"version initiale.","revision_date":"2007-03-16T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"Quatre vuln\u00e9rabilit\u00e9s dans BrightStor ARCserve peuvent \u00eatre exploit\u00e9es\npar une personne malintentionn\u00e9e distante afin d'effectuer un d\u00e9ni de\nservice ou une ex\u00e9cution de code arbitraire.\n","title":"Vuln\u00e9rabilit\u00e9s dans BrightStor ARCserve","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 de CA du 15 mars 2007","url":"http://supportconnecttw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp"}]}