Unrated severityNVD Advisory· Published Oct 10, 2006· Updated Apr 23, 2026

CVE-2006-5143

Description

Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.

Affected products

Broadcom Corporation/Brightstor Arcserve Backup3 versions
cpe:2.3:a:broadcom:brightstor_arcserve_backup:*:sp1:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:broadcom:brightstor_arcserve_backup:*:sp1:*:*:*:*:*:*range: <=11.5
- cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
Broadcom Corporation/Brightstor Enterprise Backup
cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*
Broadcom Corporation/Business Protection Suite
cpe:2.3:a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*
Broadcom Corporation/Server Protection Suite
cpe:2.3:a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*
Ca/Brightstor Arcserve Backup
cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

supportconnectw.ca.com/public/storage/infodocs/basbr-secnotice.aspnvdPatch
www.tippingpoint.com/security/advisories/TSRT-06-11.htmlnvdPatch
www.zerodayinitiative.com/advisories/ZDI-06-030.htmlnvdPatchVendor Advisory
secunia.com/advisories/22285nvdVendor Advisory
www.vupen.com/english/advisories/2006/3930nvdVendor Advisory
www.zerodayinitiative.com/advisories/ZDI-06-031.htmlnvdVendor Advisory
www.kb.cert.org/vuls/id/361792nvdUS Government Resource
www.kb.cert.org/vuls/id/860048nvdUS Government Resource
securitytracker.com/idnvd
securitytracker.com/idnvd
securitytracker.com/idnvd
securitytracker.com/idnvd
www.lssec.com/advisories/LS-20060220.pdfnvd
www.lssec.com/advisories/LS-20060313.pdfnvd
www.lssec.com/advisories/LS-20060330.pdfnvd
www.securityfocus.com/archive/1/447839/100/100/threadednvd
www.securityfocus.com/archive/1/447847/100/200/threadednvd
www.securityfocus.com/archive/1/447848/100/100/threadednvd
www.securityfocus.com/archive/1/447862/100/100/threadednvd
www.securityfocus.com/archive/1/447926/100/200/threadednvd
www.securityfocus.com/archive/1/447927/100/200/threadednvd
www.securityfocus.com/archive/1/447930/100/200/threadednvd
www.securityfocus.com/bid/20365nvd
www3.ca.com/securityadvisor/blogs/posting.aspxnvd
www3.ca.com/securityadvisor/blogs/posting.aspxnvd
www3.ca.com/securityadvisor/vulninfo/vuln.aspxnvd
exchange.xforce.ibmcloud.com/vulnerabilities/29364nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.068
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000