CVE-2007-5005 : Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and De

Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command.

Published 2007-10-01 20:17:00

Updated 2021-04-08 13:31:09

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2007-5005

Probability of exploitation activity in the next 30 days: 4.73%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-5005

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2007-5005

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-5005

http://research.eeye.com/html/advisories/published/AD20070920.html

CVEs referencing this url
http://www.securityfocus.com/archive/1/480252/100/100/threaded

CVEs referencing this url
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35676

Patch
http://www.securityfocus.com/bid/24348

Computer Associates ARCserve Backup Multiple Remote Buffer Overflow Vulnerabilities

CVEs referencing this url
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp

Patch

CVEs referencing this url
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006

Patch

CVEs referencing this url
http://www.securitytracker.com/id?1018728

CVEs referencing this url

Products affected by CVE-2007-5005

CA » Protection Suites » Version: R2
cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*
Matching versions
Broadcom » Brightstor Arcserve Backup Laptops Desktops » Version: 11.0
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.0:*:*:*:*:*:*:*
Matching versions
Broadcom » Brightstor Arcserve Backup Laptops Desktops » Version: 11.1
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:*:*:*:*:*:*:*
Matching versions
Broadcom » Brightstor Arcserve Backup Laptops Desktops » Version: 11.1 Update SP1
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.1:sp1:*:*:*:*:*:*
Matching versions
Broadcom » Brightstor Arcserve Backup Laptops Desktops » Version: 11.5
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:11.5:*:*:*:*:*:*:*
Matching versions
Broadcom » Brightstor Arcserve Backup Laptops Desktops » Version: 4.0
cpe:2.3:a:broadcom:brightstor_arcserve_backup_laptops_desktops:4.0:*:*:*:*:*:*:*
Matching versions
Broadcom » Desktop Management Suite » Version: 11.0
cpe:2.3:a:broadcom:desktop_management_suite:11.0:*:*:*:*:*:*:*
Matching versions
Broadcom » Desktop Management Suite » Version: 11.1
cpe:2.3:a:broadcom:desktop_management_suite:11.1:*:*:*:*:*:*:*
Matching versions
Broadcom » Desktop Management Suite » Version: 11.2
cpe:2.3:a:broadcom:desktop_management_suite:11.2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-5005

Exploit prediction scoring system (EPSS) score for CVE-2007-5005

CVSS scores for CVE-2007-5005

CWE ids for CVE-2007-5005

References for CVE-2007-5005

Products affected by CVE-2007-5005