CVE-2006-5143 (CNNVD-200610-099)
中文标题:
CA产品消息引擎RPC服务器多个缓冲区错误漏洞
英文标题:
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; B...
漏洞描述
中文描述:
Computer Associates是世界领先的安全厂商,产品包括多种杀毒软件及备份恢复系统。 CA多个产品的消息引擎处理用户请求时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞在服务器上执行任意指令。 ASCORE.dll是CA多个产品的消息引擎RPC服务器所使用的DLL。当消息引擎(msgeng.exe)在处理TCP 6503端口ID为dc246bf0-7a7a-11ce-9f88-00805fe43838的端点上的RPC请求时,可能会触发一个堆溢出和一个栈溢出。有漏洞的操作分别是由这个端口上的Opnum 43和Opnum 45指定的。如果用户能够发送超长字符串做为任何一个上述opcode的第二个参数的话,就会导致以系统权限执行任意指令。包含的OP代码(1) 0x01, (2) 0x02, (3) 0x18; (4) 0x2b (5) 0x2d 消息内核心的ASCORE.dll (6) Discovery 服务(casdscsvc.exe)中ASBRDCST.DLL的长的主机名在TCP端口4152; 和未明向量 (7) Job Engine Service有关。
英文描述:
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| broadcom | brightstor_arcserve_backup | * | - | - |
cpe:2.3:a:broadcom:brightstor_arcserve_backup:*:sp1:*:*:*:*:*:*
|
| broadcom | brightstor_arcserve_backup | 9.01 | - | - |
cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
|
| broadcom | brightstor_arcserve_backup | 11.1 | - | - |
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
|
| broadcom | brightstor_enterprise_backup | 10.5 | - | - |
cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*
|
| broadcom | business_protection_suite | 2.0 | - | - |
cpe:2.3:a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*
|
| broadcom | server_protection_suite | 2 | - | - |
cpe:2.3:a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*
|
| ca | brightstor_arcserve_backup | 11 | - | - |
cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
exploitdb
exploitdb
cve.org
exploitdb
exploitdb
exploitdb
exploitdb
exploitdb
exploitdb
CVSS评分详情
AV:N/AC:L/Au:N/C:P/I:P/A:P
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2006-5143 |
2025-11-11 15:17:45 | 2025-11-11 07:32:37 |
| NVD | nvd_CVE-2006-5143 |
2025-11-11 14:51:51 | 2025-11-11 07:41:23 |
| CNNVD | cnnvd_CNNVD-200610-099 |
2025-11-11 15:08:53 | 2025-11-11 07:49:10 |
| EXPLOITDB | exploitdb_EDB-16401 |
2025-11-11 15:05:55 | 2025-11-11 08:10:59 |
| EXPLOITDB | exploitdb_EDB-28765 |
2025-11-11 15:05:55 | 2025-11-11 08:24:25 |
| EXPLOITDB | exploitdb_EDB-28766 |
2025-11-11 15:05:55 | 2025-11-11 08:24:25 |
| EXPLOITDB | exploitdb_EDB-3495 |
2025-11-11 15:05:55 | 2025-11-11 08:30:35 |
版本与语言
安全公告
变更历史
查看详细变更
- references_count: 34 -> 36
- tags_count: 5 -> 6
查看详细变更
- references_count: 32 -> 34
查看详细变更
- references_count: 30 -> 32
- tags_count: 4 -> 5
查看详细变更
- references_count: 27 -> 30
- tags_count: 0 -> 4
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 缓冲区错误
- cnnvd_id: 未提取 -> CNNVD-200610-099
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
- cvss_score: 未提取 -> 7.5
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:P/I:P/A:P
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 7
- data_sources: ['cve'] -> ['cve', 'nvd']