EMC AlphaStor Device Manager robotd RCE
Critical Nessus Plugin ID 33284
SynopsisThe remote tape backup manager is affected by a remote command execution vulnerability.
DescriptionThe AlphaStor Device Manager application running on the remote host is affected by a remote command execution vulnerability in robotd due to improper sanitization of packet string arguments before using them in a call to the 'system' function. An unauthenticated, remote attacker can exploit this, via a specially crafted packet with a 0x34 code, to execute arbitrary commands with SYSTEM/root privileges.
SolutionApply the latest update referenced in EMC knowledgebase article emc186391.