Credit:
The information has been provided by Zhenhua Liu.
The original article can be found at: http://www.fortiguardcenter.com/advisory/FGA-2009-13.html
Vulnerable Systems:
* EMC RepliStor version 6.2 SP4 and earlier
* EMC RepliStor version 6.3 SP1 and earlier
A remote, unauthenticated user may connect over TCP to the "ctrlservice.exe" or "rep_srv.exe" process and send a specially crafted message that causes a heap-based buffer overflow, which can result in arbitrary code execution.
Solutions:
The FortiGuard Global Security Research Team released the signature "EMC.RepliStor.Integer.Overflow".
Users should use EMC's Powerlink solution to upgrade to the following EMC RepliStor products:
* RepliStor 6.2 SP5: Navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads P-R > RepliStor 6.2 SP5
* RepliStor 6.3 SP2: Navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads P-R > RepliStor 6.3 SP2
CVE Information:
CVE-2009-1119