CA BrightStor ARCserve Backup 'rxRPC.dll'整数溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1190312 漏洞类型 数字错误
发布时间 2007-06-06 更新时间 2007-10-03
CVE编号 CVE-2007-5004 CNNVD-ID CNNVD-200710-003
漏洞平台 N/A CVSS评分 9.3
|漏洞来源
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200710-003
|漏洞详情
ARCServeBackupforLaptopsandDesktops(L&D)是适用于中小业务的ARCServeBackup备份工具版本。认证口令整数溢出rxRPC.dll的认证部分存在栈溢出漏洞。带有无效口令的合法认证请求示例如下:1:0000000030rxrLogin~~administrator~~182:000000000000000000加密的无效口令可能导致可利用的情况:.text:00231F24movcl,[esi+8].text:00231F27andecx,0x0F.text:00231F2Aaddesp,8.text:00231F2Ddececx;XXXXIntegerOverflowIfECX=0.text:00231F2Emov[esp+0x7C+var_6C],eax.text:00231F32movdwPasswordCopyLength,ecx.text:00231F38moveax,ecx.text:00231F3Aleaesi,[esp+0x7C+var_6C].text:00231F3Emovedi,ebx.text:00231F40shrecx,2.text:00231F43repmovs;XXXXEXCEPTION:HITSPAGEBOUNDARYXXXX源缓冲区中的数据包含有大量不可控的数据,但还存在用户名的拷贝,因此如果在原始报文中指定了超长用户名的话就会覆盖异常处理器。
|参考资料

来源:www.ca.com
链接:http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35675
来源:www.ca.com
链接:http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006
来源:supportconnectw.ca.com
链接:http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp
来源:SECUNIA
名称:25606
链接:http://secunia.com/advisories/25606
来源:SECTRACK
名称:1018728
链接:http://www.securitytracker.com/id?1018728
来源:BID
名称:24348
链接:http://www.securityfocus.com/bid/24348
来源:EEYE
名称:20070920MultipleVulnerabilitiesinCAARCserveforLaptops&Desktops
链接:http://research.eeye.com/html/advisories/published/AD20070920.html
来源:BUGTRAQ
名称:20070921[CAID35673,35674,35675,35676,35677]:CAARCserveBackupforLaptopsandDesktopsMultipleServerVulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/480252/100/100/threaded