|
|
|
|
| |
Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=664
|
| |
Vulnerable Systems:
* EMC RepliStor version 6.2 SP2
Multiple vulnerabilities exist within the code responsible for compression. In each case, data is decompressed without consideration for the size of the destination buffer. This results in an exploitable heap overflow.
Analysis:
Exploitation of these vulnerabilities results in the execution of arbitrary code with the privileges of the RepliStor Server or Control Server, usually SYSTEM. In order to exploit these vulnerabilities, an attacker needs to be able to connect to the targeted server on TCP port 7144 or 7145. No authentication is required to reach the vulnerable code paths.
Vendor response:
"EMC has issued updates to address this issue. EMC customers can view more details on http://powerlink.emc.com/ by searching the knowledge base for support solution emc179808 or they can contact EMC Software Technical Support at 1-877-534-2867."
CVE Information:
CVE-2007-6426
Disclosure timeline:
12/18/2007 - Initial vendor notification
12/18/2007 - Initial vendor response
02/19/2008 - Coordinated public disclosure
|
|
|
|
|
