|
|
|
|
| |
Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=702
|
| |
Vulnerable Systems:
* EMC AlphaStor version 3.1 SP1 for Windows
AlphaStor consists of multiple applications, one of which is the Server Agent. The Server Agent is one of the core components of AlphaStor, and is used to initiate disk management requests. The Agent consists of several processes, one of which is the AlphaStor Command Line Interface process. This process listens on TCP port 41025, and is prone to multiple stack based buffer overflow vulnerabilities.
Analysis:
Exploitation of these vulnerabilities results in the execution of arbitrary code with the privileges of the affected service, usually SYSTEM. The vulnerabilities occur before any authentication, so they can be exploited by anonymous attackers with the ability to create a TCP connection to port 41025 on the server.
Vendor response:
"EMC has issued updates to correct this issue. More details can be found in knowledgebase article emc186391 available from powerlink.emc.com. EMC customers can further contact EMC Software Technical Support at 1-877-534-2867."
VII. CVE INFORMATION
CVE Information:
CVE-2008-2158
|
|
|
|
|
