EMC AlphaStor Device Manager is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input.
16c82c7d9b24fff50834652b907f881e0a62d98726b37cb9546e543b81d6e763EMC AlphaStor Library Manager is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input.
4eb559b7eb5458576749ca66e28966f2da701297746ca34d82ff61294f0bd8dciDefense Security Advisory 05.27.08 - Remote exploitation of an arbitrary command execution vulnerability in EMC Corp.'s AlphaStor could allow an attacker to execute arbitrary code with SYSTEM privileges. AlphaStor consists of multiple applications, one of which is the Library Manager. The Library Manager is used to manage the replacement of disk drives in distributed locations. The Manager consists of a single process, the "robotd" process, that listens on TCP port 3500 for incoming connections. The Library Manager is prone to an arbitrary command execution vulnerability. When sent a specific request, "robotd" will use a string from the packet as a command to execute on the system via the CreateProcess() function. This allows an attacker to run arbitrary programs on the host with SYSTEM privileges. iDefense has confirmed the existence of this vulnerability in AlphaStor version 3.1 SP1 for Windows. Previous versions, as well as versions for other platforms, may also be affected.
89af74c8a928b81854ee449e94087273d27f78d647c9fd326a1544aff4057f61
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed