lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Mar 2008 22:44:02 +0100 From: Luigi Auriemma <aluigi@...istici.org> To: bugtraq@...urityfocus.com, news@...uriteam.com, full-disclosure@...ts.grok.org.uk, vuln@...unia.com, packet@...ketstormsecurity.org Subject: NULL pointer in Acronis True Image Windows Agent 1.0.0.54 ####################################################################### Luigi Auriemma Application: Acronis True Image Windows Agent http://www.acronis.com/enterprise/products/ATIES/windows-agent.html Versions: <= 1.0.0.54 (included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages) Platforms: Windows Linux is not affected Bug: NULL pointer Exploitation: remote Date: 08 Mar 2008 Author: Luigi Auriemma e-mail: aluigi@...istici.org web: aluigi.org ####################################################################### 1) Introduction 2) Bug 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== The Acronis Agent is an essential component of Acronis True Image Echo Server (Workstation and Enterprise packages) and is a server running on the TCP and UDP port 9876 which allows the local and remote management of Acronis TrueImage. The Acronis True Image Windows Agent must be not confused with the Acronis Snap Deploy Management Agent which uses the same ports but a different protocol and so it's not affected by this bug. ####################################################################### ====== 2) Bug ====== A NULL pointer vulnerability can be exploited through the sending of a malformed packet to the server causing its immediate termination. ####################################################################### =========== 3) The Code =========== http://aluigi.org/poc/acroagent.txt nc SERVER 9876 -v -v < acroagent.txt ####################################################################### ====== 4) Fix ====== No fix ####################################################################### --- Luigi Auriemma http://aluigi.org
Powered by blists - more mailing lists