BrightStor Hierarchical Storage Manager < r11.6 Multiple Remote Vulnerabilities

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote data migration service is affected by multiple issues.

Description :

According to its engine build, the installation of BrightStor
Hierarchical Storage Manager on the remote host has multiple
vulnerabilities affecting its CsAgent service, including buffer
overflows and SQL injection vulnerabilities. An unauthenticated
remote attacker may be able to leverage these issues to run arbitrary
SQL commands, crash the affected service, or even execute arbitrary
code with SYSTEM privileges.

See also :

http://www.nessus.org/u?706b6c19
http://seclists.org/bugtraq/2007/Sep/384
http://seclists.org/bugtraq/2007/Oct/26
http://seclists.org/bugtraq/2007/Oct/27
http://www.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=156444

Solution :

Upgrade to BrightStor Hierarchical Storage Manager r11.6 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 26914 (hsm_r11_6.nasl)

Bugtraq ID: 25823

CVE ID: CVE-2007-5082
CVE-2007-5083
CVE-2007-5084

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now