NASLDB: EMC AutoStart ftAgent Multiple Remote Code Execution Vulnerabilities (ESA-2012-020)
General
ID: 61491
Name: EMC AutoStart ftAgent Multiple Remote Code Execution Vulnerabilities (ESA-2012-020)
Summary: Checks remote version of ftAgent
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Port: 8045
Family: Gain a shell remotely
Type: Remote
Description
The version of EMC AutoStart on the remote host reportedly contains
multiple remote code execution vulnerabilities:
- The EMC AutoStart ftAgent, when processing messages with
opcode 0x32 and subcode 0x04, opcode 0x32 and subcode 0x02,
opcode 0x03 and subcode 0x04, opcode 0x55 and subcode 0x16,
opcode 0x55 and subcode 0x01, opcode 0x41 and subcode 0x12,
opcode 0x32 and subcode 0x3C, opcode 0x32 and subcode 0x2A,
performs arithmetic on an unvalidated, user-supplied value
used to determine the size of a new heap buffer. This allows
a potential integer wrap to cause a heap buffer overflow.
(ZDI-12-116, ZDI-12-117, ZDI-12-118, ZDI-12-120, ZDI-12-121,
ZDI-12-122, ZDI-12-123, ZDI-12-124, respectively)
- The EMC AutoStart ftAgent, when processing messages with opcode
0x41 and subcode 0x00, uses an uninitialized stack variable in
calculating a memory pointer. Also, the function uses sign
extension and a signed comparison when checking the uninitialized
stack variable, which allows arbitrary negative values to bypass
the check. This could result in corruption of a controlled memory
location, which can be leveraged to execute code under the context
of a privileged user. (ZDI-12-119)
Failed attacks may result in a denial of service.
Exploiting
Exploit Available: False
Exploitability Ease: No known exploits are available
Sources
CVE: CVE-2012-0409
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2012/05/24
Patch Release: 2012/07/12
Plugin Release: 2012/08/10
Plugin
Version: 1.3
Filename: emc_autostart_ftagent_esa-2012-020.nasl
Filesize: 6049 bytes
MD5 Hash: 5a7c2ff45ff90990f5983918221d7fd5
Identification: –
Require Keys: emc/autostart/ftagent/version
Dependencies: "emc_autostart_ftagent_version.nbin"
Copyright: This script is Copyright© 2012 Tenable Network Security, Inc.