Name | wp_ca_arcserve_d2d_gwt |
CVE | CVE-2011-3011 |
Exploit Pack | White_Phosphorus |
Description | CA ARCserve D2D GWT RPC Remote Code Execution |
Notes | References: http://osvdb.org/74162 and http://retrogod.altervista.org/9sg_ca_d2dii.html
CVE Name: CVE-2011-3011
VENDOR: CA
Notes: This module exploits an Administrator credential disclosure vulnerability which leads to remote code execution on CA ARCserve D2D. The credential disclosure vulnerability requires that the Administrator has logged in to D2D at least once per Tomcat instance. All payloads are served over SMB via wp_smbserver_backdoor except 'Execute Command', which does not require it. Windows-based CANVAS users must first disable the native Windows SMB server before running the module. On Windows 7 this is done by disabling the 'Server' and 'TCP/IP NetBIOS Helper' services and rebooting the system. Dropped payloads must be removed manually from c:\windows\system32\.
Instructions: 1. Disable native SMB server and reboot. 2. Run wp_ca_arcserve_d2d.
Repeatability: Unlimited
Date public: 2011-07-25
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3011
CVSS: 5.0 |
Learn more about the CANVAS Exploit Pack here: White_Phosphorus |