[Full-disclosure] [IVIZ-09-004] CA ARCserve Denial of Service

---

[ iViZ Security Advisory 09-004                            16/06/2009 ]

iViZ Techno Solutions Pvt. Ltd.
                                           http://www.ivizsecurity.com

• Title:     CA ARCserve Denial of Service
• Software:  CA ARCserver Backup r12 SP1

–[ Synopsis:

CA ARCserve Backup is vulnerable to a Denial of Service
   when a crafted packet is sent to the CA ARCserve Message
   Engine Service.

–[ Affected Software:

* CA ARCserver Backup r12 SP1
 * Others versions may also be affected

–[ Technical description:

CA ARCserve is vulnerable to a Denial of Service when a crafted
   RPC packet is sent to the Message engine service listening at
   6503/TCP port.

The interface informations are as follows
[
uuid(dc246bf0-7a7a-11ce-9f88-00805fe43838),
version(1.0)
]

interface mIDA_interface
{
typedef struct struct_9 {
long elem_1;
long elem_2;
char * elem_3;
char * elem_4;
long elem_5;
long elem_6;
long elem_7;
long elem_8;
short elem_9;
short elem_10;
} struct_9 ;

/* opcode: 0x3B, */

long  (
[in, out] struct struct_9 * arg_1
);

}

A crafted RPC stub data of more than 38 bytes will crash the message
 engine service at RPCRT4.dll due to marshaling errors.

–[ Impact:

Denial of Service

–[ Vendor response:

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209502

–[ Credits:

This vulnerability was discovered by Nibin Varghese from
   iViZ Security Research Team
   http://www.ivizsecurity.com

---

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/