BrightStor Hierarchical Storage Manager < r11.6 Multiple Remote Vulnerabilities

Critical Nessus Plugin ID 26914


The remote data migration service is affected by multiple issues.


According to its engine build, the installation of BrightStor Hierarchical Storage Manager on the remote host has multiple vulnerabilities affecting its CsAgent service, including buffer overflows and SQL injection vulnerabilities. An unauthenticated remote attacker may be able to leverage these issues to run arbitrary SQL commands, crash the affected service, or even execute arbitrary code with SYSTEM privileges.


Upgrade to BrightStor Hierarchical Storage Manager r11.6 or later.

Plugin Details

Severity: Critical

ID: 26914

File Name: hsm_r11_6.nasl

Version: $Revision: 1.14 $

Type: remote

Agent: windows

Family: Windows

Published: 2007/10/04

Modified: 2016/11/18

Dependencies: 26913

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

Metasploit (CA BrightStor HSM Buffer Overflow)

Reference Information

CVE: CVE-2007-5082, CVE-2007-5083, CVE-2007-5084

BID: 25823

OSVDB: 41363, 41364, 41365

CWE: 89, 119