BrightStor Hierarchical Storage Manager < r11.6 Multiple Remote Vulnerabilities

Critical Nessus Plugin ID 26914

Synopsis

The remote data migration service is affected by multiple vulnerabilities.

Description

According to its engine build, the installation of BrightStor Hierarchical Storage Manager on the remote host is affected by multiple vulnerabilities in its CsAgent service, including buffer overflows and SQL injection. An unauthenticated remote attacker may be able to leverage these issues to run arbitrary SQL commands, crash the affected service, or execute arbitrary code with SYSTEM privileges.

Solution

Upgrade to BrightStor Hierarchical Storage Manager r11.6 or later.

See Also

http://www.nessus.org/u?706b6c19

https://seclists.org/bugtraq/2007/Sep/384

https://seclists.org/bugtraq/2007/Oct/26

https://seclists.org/bugtraq/2007/Oct/27

http://www.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=156444

Plugin Details

Severity: Critical

ID: 26914

File Name: hsm_r11_6.nasl

Version: 1.16

Type: remote

Agent: windows

Family: Windows

Published: 10/4/2007

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

Metasploit (CA BrightStor HSM Buffer Overflow)

Reference Information

CVE: CVE-2007-5082, CVE-2007-5083, CVE-2007-5084

BID: 25823

CWE: 119, 89