lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 16 Jun 2009 16:07:55 +0530
From: iViZ Security Advisories <advisories@...zsecurity.com>
To: full-disclosure@...ts.grok.org.uk
Subject: [IVIZ-09-004] CA ARCserve Denial of Service

-----------------------------------------------------------------------
[ iViZ Security Advisory 09-004                            16/06/2009 ]
-----------------------------------------------------------------------
iViZ Techno Solutions Pvt. Ltd.
                                           http://www.ivizsecurity.com
-----------------------------------------------------------------------


* Title:     CA ARCserve Denial of Service
* Software:  CA ARCserver Backup r12 SP1

--[ Synopsis:

   CA ARCserve Backup is vulnerable to a Denial of Service
   when a crafted packet is sent to the CA ARCserve Message
   Engine Service.


--[ Affected Software:


 * CA ARCserver Backup r12 SP1
 * Others versions may also be affected

--[ Technical description:


   CA ARCserve is vulnerable to a Denial of Service when a crafted
   RPC packet is sent to the Message engine service listening at
   6503/TCP port.

   The interface informations are as follows
[
uuid(dc246bf0-7a7a-11ce-9f88-00805fe43838),
version(1.0)
]

interface mIDA_interface
{
typedef struct struct_9 {
long elem_1;
long elem_2;
char * elem_3;
char * elem_4;
long elem_5;
long elem_6;
long elem_7;
long elem_8;
short elem_9;
short elem_10;
} struct_9 ;

/* opcode: 0x3B, */

long  (
[in, out] struct struct_9 * arg_1
);

}


 A crafted RPC stub data of more than 38 bytes will crash the message
 engine service at RPCRT4.dll due to marshaling errors.


--[ Impact:

   Denial of Service


--[ Vendor response:

  https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209502


--[ Credits:

   This vulnerability was discovered by Nibin Varghese from
   iViZ Security Research Team
   http://www.ivizsecurity.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ