• Home
• Links
• Vulnerabilities
• Legal
• About
• Blog

[Shirkdog Security Advisory SHK-003]

Title:
------
Computer Associates (CA) Brightstor Backup Remote Procedure Call Server DoS (catirpc.dll)

Description of Application:
---------------------------
http://www3.ca.com/solutions/ProductFamily.aspx?ID=115

Brightstor ARCserv Backup provides a complete, flexible and integrated backup and recovery solution for Windows, NetWare, Linux and UNIX environments.

Vulnerability(PoC):
-------------------
CATIRPC.dll does not properly handle TADDR2UADDR procedures used in RPC communications with the CA RPC Server (Catirpc.exe). This leads to a condition where a null memory pointer is dereferenced. This appears to be only a DoS, but please prove me otherwise. This was tested on BrightStor ARCserve Backup 11.5.2.0 (SP2) The following is the DoS exploit:

http://www.shirkdog.us/catirpcdos.rb


Impact:
----------
This vulnerability leads to a Denial of Service of the Catirpc.exe, which affects other Brightstor ARCserve services that rely on the RPC server.

Risk Level:
--------------
High
The vulnerability affects the operation of the Brighstor ARCserve Software, but does not lead to remote code execution.

Solution:
------------
CA has released a patch for this vulnerability:
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317


References:
--------------
CVE: CVE-2007-0816
Bugtraq ID: 22365


[Shirkdog Security]
http://www.shirkdog.us/shk-003.html

| Home | Links | Vulnerabilities | Legal | About | Blog |
© Shirkdog.us | XHTML