NASLDB: EMC RepliStor < 6.2 SP5/6.3 SP2 Multiple Heap Overflows
General
ID: 38206
Name: EMC RepliStor < 6.2 SP5/6.3 SP2 Multiple Heap Overflows
Summary: Checks version of EMC RepliStor
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Port: 7144
Family: Gain a shell remotely
Type: Remote
Description
According to its version, the installation of EMC RepliStor Server on
the remote host is earlier than version 6.2 SP5 or 6.3 SP2. Such
versions are affected by multiple heap overflow vulnerabilities. By
sending specially crafted requests to either ‘ctrlservice.exe’ or
‘rep_srv.exe’, an unauthorized attacker could execute arbitrary code
on the remote system with SYSTEM level privileges.
Exploiting
Exploit Available: False
Exploitability Ease: No known exploits are available
Sources
CVE: CVE-2009-1119
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2009/04/29
Plugin
Version: 1.8
Filename: emc_replistor_heap_overflows.nasl
Filesize: 2792 bytes
MD5 Hash: 00f6e27c1bb6cc77e10b20fd93d0aaaf
Identification: EMC/RepliStor/Version
Require Keys: EMC/RepliStor/Version
Dependencies: "emc_replistor.nbin"
Copyright: This script is Copyright© 2009-2011 Tenable Network Security, Inc.
- Latest Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack