Detections
Analytics

EMC AlphaStor Library Manager Remote Code Execution

critical Nessus Plugin ID 33285

Language:

Synopsis

It is possible to execute code on the remote tape backup manager.

Description

The installed instance of AlphaStor Library Manager is vulnerable to a command execution flaw when it receives a packet with a 0x44 code.
Packet string argument is used unsanitized as a call to the 'system' function.

An unauthenticated, remote attacker may be able to exploit this flaw to execute code on the remote host with SYSTEM/root privileges.

Solution

Fix is available in knowledgebase article emc186391.

See Also

http://www.nessus.org/u?666077ae

Plugin Details

Severity: Critical

ID: 33285

File Name: alphastor_libmanager_exec.nasl

Version: 1.18

Type: remote

Published: 7/1/2008

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2008-2157

BID: 29398

CWE: 20