EMC AlphaStor Library Manager Remote Code Execution

Critical Nessus Plugin ID 33285


It is possible to execute code on the remote tape backup manager.


The installed instance of AlphaStor Library Manager is vulnerable to a command execution flaw when it receives a packet with a 0x44 code. The packet's string argument is passed unsanitized to a call to the 'system' function.

An unauthenticated, remote attacker may be able to exploit this flaw to execute code on the remote host with SYSTEM/root privileges.


A fix is available in knowledgebase article emc186391.


Plugin Details

Severity: Critical

ID: 33285

File Name: alphastor_libmanager_exec.nasl

Version: $Revision: 1.17 $

Type: remote

Published: 2008/07/01

Modified: 2015/01/14

Dependencies: 33280

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2008-2157

BID: 29398

OSVDB: 45715

CWE: 20