[NT] EMC AlphaStor Library Manager Arbitrary Command Execution Vulnerability
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 1 Jun 2008 09:21:43 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
EMC AlphaStor Library Manager Arbitrary Command Execution Vulnerability
------------------------------------------------------------------------
SUMMARY
<http://www.emc.com/products/detail/software/alphastor.htm> EMC AlphaStor
is "a suite of applications used for disk management". Remote exploitation
of an arbitrary command execution vulnerability in EMC Corp.'s AlphaStor
could allow an attacker to execute arbitrary code with SYSTEM privileges.
DETAILS
Vulnerable Systems:
* EMC AlphaStor version 3.1 SP1 for Windows
AlphaStor consists of multiple applications, one of which is the Library
Manager. The Library Manager is used to manage the replacement of disk
drives in distributed locations. The Manager consists of a single process,
the "robotd" process, that listens on TCP port 3500 for incoming
connections.
The Library Manager is prone to an arbitrary command execution
vulnerability. When sent a specific request, "robotd" will use a string
from the packet as a command to execute on the system via the
CreateProcess() function. This allows an attacker to run arbitrary
programs on the host with SYSTEM privileges.
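The defect class described above is a request field reaching CreateProcess() unchanged. The following is an added example, not EMC's code and not part of the original advisory, of the usual hardening: the wire carries only an operation name, which is matched against a fixed server-side table. The operation names, paths and the resolve_command() helper are hypothetical, since the advisory does not describe the packet format.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical operation table: the program and arguments that run are
 * fixed on the server. Paths are quoted so CreateProcess() cannot split
 * "C:\Program Files\..." at the space. */
struct op { const char *name; const char *cmdline; };
static const struct op OPS[] = {
    { "INVENTORY", "\"C:\\Program Files\\Example\\bin\\inventory.exe\" --all" },
    { "EJECT",     "\"C:\\Program Files\\Example\\bin\\eject.exe\" --slot next" },
};

#define MAX_OP_LEN 16

/* Map an untrusted request field (len bytes, not NUL-terminated) to a fixed
 * command line. Returns NULL for anything that is not an exact table match. */
const char *resolve_command(const unsigned char *field, size_t len)
{
    size_t i;

    if (field == NULL || len == 0 || len > MAX_OP_LEN)
        return NULL;
    /* Only A-Z is accepted: embedded NULs, spaces, quotes and path
     * characters are rejected before any comparison happens. */
    for (i = 0; i < len; i++)
        if (field[i] < 'A' || field[i] > 'Z')
            return NULL;
    for (i = 0; i < sizeof OPS / sizeof OPS[0]; i++)
        if (strlen(OPS[i].name) == len && memcmp(OPS[i].name, field, len) == 0)
            return OPS[i].cmdline;
    return NULL;
}

/* On Windows the caller copies the returned string into a writable buffer
 * and passes that to CreateProcess(); the request bytes never reach it.
 * A NULL result means: log the peer address and drop the request. */
int main(void)
{
    const char *c = resolve_command((const unsigned char *)"EJECT", 5);
    printf("%s\n", c ? c : "(rejected)");
    return 0;
}
```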
Analysis:
Exploitation of this vulnerability results in the execution of arbitrary
code with the privileges of the affected service, usually SYSTEM. The
vulnerability occurs before any authentication, so it can be exploited by
anonymous attackers with the ability to create a TCP connection to port
3500 on the server.
Since the vulnerability allows an attacker to run arbitrary programs with
arbitrary arguments, little skill is required for exploitation.
Vendor response:
"EMC has issued updates to correct this issue. More details can be found
in knowledgebase article emc186391 available from powerlink.emc.com. EMC
customers can further contact EMC Software Technical Support at
1-877-534-2867."
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2157>
CVE-2008-2157
Disclosure timeline:
04/16/2008 - Initial vendor response
04/16/2008 - Initial vendor notification
05/27/2008 - Coordinated public disclosure
ADDITIONAL INFORMATION
The information has been provided by
<mailto:idlabs-advisories@xxxxxxxxxxxx> iDefense Labs Security Advisories.
The original article can be found at:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=703