SAINT Corporation
SAINT:235E6D9888C25D298795507F959412EA
Jun 07, 2010 - 12:00 a.m.

CA XOsoft Control Service entry_point.aspx Remote Code Execution

2010-06-07 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 10 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.92 High
Percentile: 98.7%

Added: 06/07/2010
CVE: CVE-2010-1223
BID: 39238
OSVDB: 63611

Background

CA XOsoft is storage and recovery management software that includes applications for combined business continuity and disaster recovery. The CA XOsoft product family includes CA XOsoft Replication, CA XOsoft High Availability, and CA XOsoft Content Distribution.

Problem

Control Service r12 and Control Service r12.5 included in the CA XOsoft Replication, High Availability, and Content Distribution products with versions r12 and r12.5 are vulnerable to a stack buffer overflow as a result of overly long data passed to /entry_point.aspx. A successful attacker could execute arbitrary code with the permissions of the CA Control Service process.

Resolution

Apply the patches referenced in CA Security Notice for CA XOsoft CA20100406-01.

References

<http://secunia.com/advisories/39337/>

Limitations

Exploit works on CA XOsoft Control Service r12.5.

Platforms

Windows
