[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [IVIZ-09-004] CA ARCserve Denial of Service



-----------------------------------------------------------------------
[ iViZ Security Advisory 09-004                            16/06/2009 ]
-----------------------------------------------------------------------
iViZ Techno Solutions Pvt. Ltd.
                                           http://www.ivizsecurity.com
-----------------------------------------------------------------------


* Title:     CA ARCserve Denial of Service
* Software:  CA ARCserver Backup r12 SP1

--[ Synopsis:

   CA ARCserve Backup is vulnerable to a Denial of Service
   when a crafted packet is sent to the CA ARCserve Message
   Engine Service.


--[ Affected Software:


 * CA ARCserver Backup r12 SP1
 * Others versions may also be affected

--[ Technical description:


   CA ARCserve is vulnerable to a Denial of Service when a crafted
   RPC packet is sent to the Message engine service listening at
   6503/TCP port.

   The interface informations are as follows
[
uuid(dc246bf0-7a7a-11ce-9f88-00805fe43838),
version(1.0)
]

interface mIDA_interface
{
typedef struct struct_9 {
long elem_1;
long elem_2;
char * elem_3;
char * elem_4;
long elem_5;
long elem_6;
long elem_7;
long elem_8;
short elem_9;
short elem_10;
} struct_9 ;

/* opcode: 0x3B, */

long  (
[in, out] struct struct_9 * arg_1
);

}


 A crafted RPC stub data of more than 38 bytes will crash the message
 engine service at RPCRT4.dll due to marshaling errors.


--[ Impact:

   Denial of Service


--[ Vendor response:

  https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209502


--[ Credits:

   This vulnerability was discovered by Nibin Varghese from
   iViZ Security Research Team
   http://www.ivizsecurity.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/