CA XOsoft Control Service entry_point.aspx Remote Code Execution

2010-06-0700:00:00

SAINT Corporation

www.saintcorporation.com

0.92 High

EPSS

Percentile

98.7%

JSON

Added: 06/07/2010
CVE: CVE-2010-1223
BID: 39238
OSVDB: 63611

Background

CA XOsoft is storage and recovery management software that includes applications for combined business continuity and disaster recovery. The CA XOsoft product family includes CA XOsoft Replication, CA XOsoft High Availability, and CA XOsoft Content Distribution.

Problem

Control Service r12 and Control Service r12.5 included in the CA XOsoft Replication, High Availability, and Content Distribution products with versions r12 and r12.5 are vulnerable to a stack buffer overflow as a result of overly long data passed to /entry_point.aspx. A successful attacker could execute arbitrary code with the permissions of the CA Control Service process.