EMC AlphaStor Library Manager Remote Code Execution

critical Nessus Plugin ID 33285


It is possible to execute code on the remote tape backup manager.


The installed instance of AlphaStor Library Manager is vulnerable to a command execution flaw when it receives a packet with a 0x44 code.
Packet string argument is used unsanitized as a call to the 'system' function.

An unauthenticated, remote attacker may be able to exploit this flaw to execute code on the remote host with SYSTEM/root privileges.


Fix is available in knowledgebase article emc186391.

See Also


Plugin Details

Severity: Critical

ID: 33285

File Name: alphastor_libmanager_exec.nasl

Version: 1.18

Type: remote

Published: 7/1/2008

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information


Risk Factor: High

Score: 7.4


Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2008-2157

BID: 29398

CWE: 20