{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"BrightStor ARCserve Backup v9.01 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"CA Business Protection Suite r2 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"BrightStor Enterprise Backup r10.5 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2 ;","product":{"name":"Small Business","vendor":{"name":"Cisco","scada":false}}},{"description":"BrightStor ARCserve Backup r11 pour Windows ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;","product":{"name":"Small Business","vendor":{"name":"Cisco","scada":false}}},{"description":"BrightStor ARCserve Backup r11.5 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"CA Server Protection Suite r2 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"BrightStor ARCserve Backup r11.1 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nPlusieurs failles ont \u00e9t\u00e9 d\u00e9couvertes dans BrightStor ARCserve Backup :\n\n-   des vuln\u00e9rabilit\u00e9s, de type d\u00e9bordement de m\u00e9moire, permettent\n    d'ex\u00e9cuter du code arbitraire \u00e0 distance (CVE-2007-5325,\n    CVE-2007-5326 et CVE-2007-5327) ;\n-   un utilisateur peut acc\u00e9der \u00e0 des fonctionnalit\u00e9s n\u00e9cessitant\n    th\u00e9oriquement des privil\u00e8ges \u00e9lev\u00e9s (CVE-2007-5328) ;\n-   plusieurs probl\u00e8mes dans la gestion des proc\u00e9dures RPC par\n    diff\u00e9rents services permettent de r\u00e9aliser un d\u00e9ni de service. La\n    possibilit\u00e9 d'ex\u00e9cuter du code arbitraire n'est pas exclue\n    (CVE-2007-5329, CVE-2007-5330, CVE-2007-5331 et CVE-2007-5332).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2007-5326","url":"https://www.cve.org/CVERecord?id=CVE-2007-5326"},{"name":"CVE-2007-5330","url":"https://www.cve.org/CVERecord?id=CVE-2007-5330"},{"name":"CVE-2007-5329","url":"https://www.cve.org/CVERecord?id=CVE-2007-5329"},{"name":"CVE-2007-5325","url":"https://www.cve.org/CVERecord?id=CVE-2007-5325"},{"name":"CVE-2007-5327","url":"https://www.cve.org/CVERecord?id=CVE-2007-5327"},{"name":"CVE-2007-5331","url":"https://www.cve.org/CVERecord?id=CVE-2007-5331"},{"name":"CVE-2007-5328","url":"https://www.cve.org/CVERecord?id=CVE-2007-5328"},{"name":"CVE-2007-5332","url":"https://www.cve.org/CVERecord?id=CVE-2007-5332"}],"links":[],"reference":"CERTA-2007-AVI-437","revisions":[{"description":"version initiale.","revision_date":"2007-10-12T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"Plusieurs vuln\u00e9rabilit\u00e9s dans <span class=\"textit\">BrightStor ARCserve\nBackup</span> permettent, \u00e0 distance, d'ex\u00e9cuter du code arbitraire, de\nr\u00e9aliser un d\u00e9ni de service ou de contourner la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans BrightStor ARCserve Backup","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Computer Associates du 11 octobre 2007","url":"http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp"}]}