CA XOsoft Control Service entry_point.aspx Remote Code Execution

2010-06-07T00:00:00
ID SAINT:235E6D9888C25D298795507F959412EA
Type saint
Reporter SAINT Corporation
Modified 2010-06-07T00:00:00

Description

Added: 06/07/2010
CVE: CVE-2010-1223
BID: 39238
OSVDB: 63611

Background

CA XOsoft is storage and recovery management software that includes applications for combined business continuity and disaster recovery. The CA XOsoft product family includes CA XOsoft Replication, CA XOsoft High Availability, and CA XOsoft Content Distribution.

Problem

Control Service r12 and Control Service r12.5 included in the CA XOsoft Replication, High Availability, and Content Distribution products with versions r12 and r12.5 are vulnerable to a stack buffer overflow as a result of overly long data passed to /entry_point.aspx. A successful attacker could execute arbitrary code with the permissions of the CA Control Service process.

Resolution

Apply the patches referenced in CA Security Notice for CA XOsoft CA20100406-01.

References

<http://secunia.com/advisories/39337/>

Limitations

Exploit works on CA XOsoft Control Service r12.5.

Platforms

Windows