Friday, April 11, 2008 9:19 AM
cmosby
EMC DiskXtender Multiple Vulnerabilities - Advisories - Secunia
Secunia Advisory:
SA29778
Release Date:
2008-04-11
Critical:
Moderately critical
Impact:
Security Bypass
System access
Where:
From local network
Solution Status:
Vendor Patch
Software:
EMC DiskXtender 6.x
CVE reference:
CVE-2008-0961 (Secunia mirror)
CVE-2008-0962 (Secunia mirror)
CVE-2008-0963 (Secunia mirror)
Description:
Some vulnerabilities have been reported in EMC DiskXtender, which can be exploited by malicious people to bypass certain security restrictions or by malicious users to compromise a vulnerable system.
1) The main components of the application (e.g. File System Manager, MediaStor, and License Server) contain hard-coded authentication credentials. This can be exploited by connecting and logging in through the RPC interface and gaining administrative access to the DiskXtender server.
2) A boundary error in the File System Manager component can be exploited to cause a stack-based buffer overflow by sending an overly long, specially crafted RPC request to the b157b800-aef5-11d3-ae49-00600834c15f RPC interface.
3) A format string error in the MediaStor component can be exploited by sending a specially crafted RPC request containing format string specifiers to the b157b800-aef5-11d3-ae49-00600834c15f RPC interface.
Successful exploitation of the vulnerabilities #2 and #3 allows execution of arbitrary code.
The vulnerabilities are reported in version 6.20.060 for Windows. Other versions may also be affected.
Solution:
The vendor has issued updates. Contact EMC Software Technical Support or refer to knowledge base article emc184091:
https://powerlink.emc.com/
Provided and/or discovered by:
Discovered by Stephen Fewer of Harmony Security and reported via iDefense Labs.
Original Advisory:
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=683
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=684
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=685