|
|
>> EMC ControlCenter Buffer Overflow and File Download Vulnerabilities
|
Two vulnerabilities have been identified in EMC ControlCenter, which could be exploited by remote attackers to gain knowledge of sensitive information or compromise a vulnerable system.
The first issue is caused by a stack overflow error in the SAN Manager Master Agent service (msragent.exe) when processing specially crafted "SST_CTGTRANS" requests sent to port 10444/TCP, which could allow remote unauthenticated attackers to execute arbitrary code.
The second vulnerability is caused by an error in the SAN Manager Master Agent service (msragent.exe) that does not validate the requestor when processing "SST_SENDFILE" requests sent to port 10444/TCP, which could allow remote attackers to download arbitrary files.
Affected Products
EMC ControlCenter versions 5.x
EMC ControlCenter versions 6.x
Solution
EMC ControlCenter 5.2 SP5 - Apply patch 4433
EMC ControlCenter 6.0 - Apply patch 4434
References
http://www.vupen.com/english/advisories/2008/3220
http://www.zerodayinitiative.com/advisories/ZDI-08-076/
http://www.zerodayinitiative.com/advisories/ZDI-08-075/
Credits
Vulnerabilities reported by ZDI.
ChangeLog
2008-11-21 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
