lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 10 Mar 2008 22:44:02 +0100
From: Luigi Auriemma <aluigi@...istici.org>
To: bugtraq@...urityfocus.com, news@...uriteam.com,
	full-disclosure@...ts.grok.org.uk, vuln@...unia.com,
	packet@...ketstormsecurity.org
Subject: NULL pointer in Acronis True Image Windows Agent
	1.0.0.54


#######################################################################

                             Luigi Auriemma

Application:  Acronis True Image Windows Agent
              http://www.acronis.com/enterprise/products/ATIES/windows-agent.html
Versions:     <= 1.0.0.54
              (included in Acronis True Image Enterprise Server
              9.5.0.8072 and the other True Image packages)
Platforms:    Windows
              Linux is not affected
Bug:          NULL pointer
Exploitation: remote
Date:         08 Mar 2008
Author:       Luigi Auriemma
              e-mail: aluigi@...istici.org
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


The Acronis Agent is an essential component of Acronis True Image Echo
Server (Workstation and Enterprise packages) and is a server running on
the TCP and UDP port 9876 which allows the local and remote management
of Acronis TrueImage.

The Acronis True Image Windows Agent must be not confused with the
Acronis Snap Deploy Management Agent which uses the same ports but a
different protocol and so it's not affected by this bug.


#######################################################################

======
2) Bug
======


A NULL pointer vulnerability can be exploited through the sending of a
malformed packet to the server causing its immediate termination.


#######################################################################

===========
3) The Code
===========


http://aluigi.org/poc/acroagent.txt

  nc SERVER 9876 -v -v < acroagent.txt


#######################################################################

======
4) Fix
======


No fix


#######################################################################


--- 
Luigi Auriemma
http://aluigi.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ