CA ARCserve Backup xdr_rwsstring buffer overflow

2008-05-27T00:00:00
ID SAINT:C8A321924389FB6B6904C08CFD71DDF4
Type saint
Reporter SAINT Corporation
Modified 2008-05-27T00:00:00

Description

Added: 05/27/2008
CVE: CVE-2008-2242
BID: 29283
OSVDB: 45368

Background

CA ARCserve Backup (formerly BrightStor ARCserve Backup) is a backup and recovery solution. It runs several services which use the SUN Remote Procedure Call (SUN-RPC) protocol. SUN-RPC messages are defined using the External Data Representation (XDR) standard.

Problem

A buffer overflow vulnerability in the **xdr_rwsstring** function allows remote attackers to execute arbitrary commands by sending specially crafted data of type SString to various SUN-RPC services.

Resolution

Apply one of the patches referenced in the CA Security Notice.

References

<http://www.zerodayinitiative.com/advisories/ZDI-08-026/>

Limitations

Exploit works on CA ARCserve Backup 11.1 SP2 with patch KB933729 (rpcrt4.dll version 5.2.3790.4115) on Windows and 11.5 on Linux.

Platforms

Windows 2000
Windows Server 2003
Linux