[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] [IVIZ-09-004] CA ARCserve Denial of Service
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [IVIZ-09-004] CA ARCserve Denial of Service
- From: iViZ Security Advisories <advisories@xxxxxxxxxxxxxxxx>
- Date: Tue, 16 Jun 2009 16:07:55 +0530
-----------------------------------------------------------------------
[ iViZ Security Advisory 09-004 16/06/2009 ]
-----------------------------------------------------------------------
iViZ Techno Solutions Pvt. Ltd.
http://www.ivizsecurity.com
-----------------------------------------------------------------------
* Title: CA ARCserve Denial of Service
* Software: CA ARCserver Backup r12 SP1
--[ Synopsis:
CA ARCserve Backup is vulnerable to a Denial of Service
when a crafted packet is sent to the CA ARCserve Message
Engine Service.
--[ Affected Software:
* CA ARCserver Backup r12 SP1
* Others versions may also be affected
--[ Technical description:
CA ARCserve is vulnerable to a Denial of Service when a crafted
RPC packet is sent to the Message engine service listening at
6503/TCP port.
The interface informations are as follows
[
uuid(dc246bf0-7a7a-11ce-9f88-00805fe43838),
version(1.0)
]
interface mIDA_interface
{
typedef struct struct_9 {
long elem_1;
long elem_2;
char * elem_3;
char * elem_4;
long elem_5;
long elem_6;
long elem_7;
long elem_8;
short elem_9;
short elem_10;
} struct_9 ;
/* opcode: 0x3B, */
long (
[in, out] struct struct_9 * arg_1
);
}
A crafted RPC stub data of more than 38 bytes will crash the message
engine service at RPCRT4.dll due to marshaling errors.
--[ Impact:
Denial of Service
--[ Vendor response:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209502
--[ Credits:
This vulnerability was discovered by Nibin Varghese from
iViZ Security Research Team
http://www.ivizsecurity.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/