EMC AutoStart ftAgent Multiple Remote Code Execution Vulnerabilities

This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by
multiple remote code execution vulnerabilities.

Description :

The version of EMC AutoStart on the remote host reportedly contains
multiple remote code execution vulnerabilities :

- When creating error messages to be written to logs, a
user-controlled string from the packet is used as an
argument to a function containing a format string. The
result of that function is written to a statically-sized
buffer on the stack, which can result in a buffer
overflow.

- ftAgent.exe, when processing messages with opcode 0x11,
performs arithmetic on an unvalidated user-supplied
value used to determine the size of a new heap buffer.
This allows a potential integer wrap to cause a
heap-based buffer overflow.

- ftAgent.exe, when processing messages with opcode 0x140,
performs arithmetic on an unvalidated user-supplied
value used to determine the size of a new heap buffer.
This allows a potential integer wrap to cause a
heap-based buffer overflow.

Failed attacks may result in a denial of service.
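
The integer-wrap pattern described in the two opcode items above, shown next to a checked form. This is an added example, not code from EMC AutoStart or from the plugin; the message layout, HDR_LEN, MAX_PAYLOAD and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN     16u          /* hypothetical fixed header size */
#define MAX_PAYLOAD (1u << 20)   /* hypothetical policy cap: 1 MiB */

/* Unchecked pattern: 32-bit addition wraps for a large wire_len,
 * e.g. 0xFFFFFFF8 + 16 == 8, so the buffer ends up far smaller
 * than the length a later copy would use. */
static uint32_t naive_alloc_size(uint32_t wire_len)
{
    return wire_len + HDR_LEN;
}

/* Checked pattern: validate the length field against a cap and
 * against the bytes actually received before any arithmetic.
 * Returns 0 on success, -1 if the field must be rejected. */
static int checked_alloc_size(uint32_t wire_len, size_t received, size_t *out)
{
    if (wire_len > MAX_PAYLOAD)
        return -1;                      /* the cap also rules out a wrap */
    if ((size_t)wire_len > received)
        return -1;                      /* claims more than was sent */
    *out = (size_t)wire_len + HDR_LEN;  /* at most 1 MiB + 16, cannot wrap */
    return 0;
}

/* Allocate header + payload only when the length field validates. */
static unsigned char *copy_message(uint32_t wire_len,
                                   const unsigned char *payload,
                                   size_t received)
{
    size_t total;
    unsigned char *buf;

    if (checked_alloc_size(wire_len, received, &total) != 0)
        return NULL;
    buf = calloc(1, total);
    if (buf != NULL)
        memcpy(buf + HDR_LEN, payload, wire_len);
    return buf;
}
```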

See also :

http://www.securityfocus.com/archive/1/519371
http://www.zerodayinitiative.com/advisories/ZDI-11-273/
http://www.zerodayinitiative.com/advisories/ZDI-11-274/
http://www.zerodayinitiative.com/advisories/ZDI-11-275/

Solution :

Upgrade to version 5.4.1 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 55995

Bugtraq ID: 49238

CVE ID: CVE-2011-2735
