CA ARCserver Backup r12 SP1 suffers from a denial of service vulnerability when a crafted RPC packet is sent to the Message engine service listening on the 6503/TCP port.
d100df20dbf699b0a22cc11a36a303cf4de361999e6be3a5f64269392317896c-----------------------------------------------------------------------
[ iViZ Security Advisory 09-004 16/06/2009 ]
-----------------------------------------------------------------------
iViZ Techno Solutions Pvt. Ltd.
http://www.ivizsecurity.com
-----------------------------------------------------------------------
* Title: CA ARCserve Denial of Service
* Software: CA ARCserver Backup r12 SP1
--[ Synopsis:
CA ARCserve Backup is vulnerable to a Denial of Service
when a crafted packet is sent to the CA ARCserve Message
Engine Service.
--[ Affected Software:
* CA ARCserver Backup r12 SP1
* Others versions may also be affected
--[ Technical description:
CA ARCserve is vulnerable to a Denial of Service when a crafted
RPC packet is sent to the Message engine service listening at
6503/TCP port.
The interface informations are as follows
[
uuid(dc246bf0-7a7a-11ce-9f88-00805fe43838),
version(1.0)
]
interface mIDA_interface
{
typedef struct struct_9 {
long elem_1;
long elem_2;
char * elem_3;
char * elem_4;
long elem_5;
long elem_6;
long elem_7;
long elem_8;
short elem_9;
short elem_10;
} struct_9 ;
/* opcode: 0x3B, */
long (
[in, out] struct struct_9 * arg_1
);
}
A crafted RPC stub data of more than 38 bytes will crash the message
engine service at RPCRT4.dll due to marshaling errors.
--[ Impact:
Denial of Service
--[ Vendor response:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209502
--[ Credits:
This vulnerability was discovered by Nibin Varghese from
iViZ Security Research Team
http://www.ivizsecurity.com
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed