Full Disclosure mailing list archives

[IVIZ-09-004] CA ARCserve Denial of Service
From: iViZ Security Advisories <advisories () ivizsecurity com>
Date: Tue, 16 Jun 2009 16:07:55 +0530

[ iViZ Security Advisory 09-004                            16/06/2009 ]
iViZ Techno Solutions Pvt. Ltd.

* Title:     CA ARCserve Denial of Service
* Software:  CA ARCserve Backup r12 SP1

--[ Synopsis:

   CA ARCserve Backup is vulnerable to a Denial of Service
   when a crafted packet is sent to the CA ARCserve Message
   Engine Service.

--[ Affected Software:

 * CA ARCserve Backup r12 SP1
 * Other versions may also be affected

--[ Technical description:

   CA ARCserve is vulnerable to a Denial of Service when a crafted
   RPC packet is sent to the Message Engine service listening on
   port 6503/TCP.

   The interface information is as follows:

   interface mIDA_interface

   typedef struct struct_9 {
       long   elem_1;
       long   elem_2;
       char * elem_3;
       char * elem_4;
       long   elem_5;
       long   elem_6;
       long   elem_7;
       long   elem_8;
       short  elem_9;
       short  elem_10;
   } struct_9;

   /* opcode: 0x3B, */

   long  (
       [in, out] struct struct_9 * arg_1
   );

   Crafted RPC stub data of more than 38 bytes will crash the Message
   Engine service in RPCRT4.dll due to marshaling errors.
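
   A detection-side check for the condition described above, added here as
   an example and not part of the iViZ advisory: it parses a DCE/RPC v5
   request PDU seen on 6503/TCP and flags opnum 0x3B carrying more than 38
   bytes of stub data. The sample PDUs are constructed; the code assumes each
   PDU has already been reassembled from the TCP stream and does not check
   the bound interface, whose UUID the advisory does not give.

```python
import struct

OPNUM = 0x3B        # opcode named in the advisory
STUB_LIMIT = 38     # stub-data length threshold stated in the advisory
HDR = 24            # fixed header size of a DCE/RPC v5 request PDU

def stub_length(pdu: bytes):
    """Return (opnum, stub_len) for one request fragment, or None if not parseable."""
    if len(pdu) < HDR or pdu[0] != 5 or pdu[2] != 0:    # rpc_vers 5, ptype 0 = request
        return None
    flags = pdu[3]
    endian = "<" if pdu[4] & 0x10 else ">"              # drep[0] 0x10 = little-endian
    frag_len, auth_len = struct.unpack_from(endian + "HH", pdu, 8)
    (opnum,) = struct.unpack_from(endian + "H", pdu, 22)
    if frag_len < HDR or frag_len > len(pdu):
        return None                                      # truncated or malformed
    end = frag_len
    if auth_len:
        end -= auth_len + 8                              # start of the 8-byte sec_trailer
        if end < HDR:
            return None
        end -= pdu[end + 2]                              # auth_pad_length is not stub data
    start = HDR + (16 if flags & 0x80 else 0)            # optional object UUID
    return (opnum, end - start) if end >= start else None

def is_suspect(pdu: bytes) -> bool:
    """True for a request to opnum 0x3B whose stub data exceeds the advisory's limit."""
    parsed = stub_length(pdu)
    return parsed is not None and parsed[0] == OPNUM and parsed[1] > STUB_LIMIT

# Constructed sample PDUs (not captured traffic): header plus zero-filled stub.
WITHIN_LIMIT = bytes.fromhex(
    "05000003 10000000 2c00 0000 01000000 14000000 0000 3b00") + bytes(20)
OVER_LIMIT = bytes.fromhex(
    "05000003 10000000 4000 0000 01000000 28000000 0000 3b00") + bytes(40)

if __name__ == "__main__":
    for name, pdu in (("WITHIN_LIMIT", WITHIN_LIMIT), ("OVER_LIMIT", OVER_LIMIT)):
        print(name, stub_length(pdu), "suspect" if is_suspect(pdu) else "ok")
```

   A hit is a candidate for review rather than proof of an attack: the
   advisory gives only the length threshold, so the check says nothing about
   the stub contents.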

--[ Impact:

   Denial of Service

--[ Vendor response:


--[ Credits:

   This vulnerability was discovered by Nibin Varghese from
   iViZ Security Research Team

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
