|
|
|
|
| |
Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=685, http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=684 and http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=683
|
| |
Vulnerable Systems:
* EMC DiskXtender version 6.20.060
EMC DiskXtender Authentication Bypass Vulnerability
Remote exploitation of an authentication bypass vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code.
Each of the main components of the DiskXtender suite is vulnerable to an authentication bypass vulnerability. Specifically, the authentication code contains a hard-coded login and password. By connecting to the RPC interface, and logging on with these credentials, it is possible to bypass the normal authentication process.
Analysis:
Exploitation of this vulnerability results in an unauthenticated attacker gaining administrative access to the DiskXtender server. This allows an attacker to create and delete files on the backup server, and run other DiskXtender commands. This could potentially lead to the execution of arbitrary code with SYSTEM privileges.
CVE Information:
CVE-2008-0961
EMC DiskXtender File System Manager Stack Buffer Overflow Vulnerability
Remote exploitation of a buffer overflow vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code with the privileges of the affected service.
The File System Manager is prone to a stack-based buffer overflow vulnerability. When handling requests on the RPC interface with UUID b157b800-aef5-11d3-ae49-00600834c15f, the service does not properly validate the length of a string in the request. By making a specially crafted request, a stack based buffer overflow occurs.
Analysis:
Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the affected service, usually SYSTEM. In order to exploit this vulnerability, authentication is required.
CVE Information:
CVE-2008-0962
EMC DiskXtender MediaStor Format String Vulnerability
Remote exploitation of a format string vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code with the privileges of the affected service.
When handling requests on the RPC interface with UUID b157b800-aef5-11d3-ae49-00600834c15f, the service does not properly validate the content of a string in requests. Since this string is passed directly to a formatting function, a format string vulnerability occurs.
Analysis:
Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the affected service, usually SYSTEM. In order to exploit this vulnerability, authentication is required.
Vendor response:
"EMC has issued updates to correct this issue. More details can be found in knowledgebase article emc184091 available from powerlink.emc.com. EMC customers can further contact EMC Software Technical Support at 1-877-534-2867."
CVE Information:
CVE-2008-0963
Disclosure timeline:
02/21/2008 - Initial vendor notification
02/22/2008 - Initial vendor response
04/09/2008 - Coordinated public disclosure
|
|
|
|
|
