EMC AlphaStor Library Manager Remote Code Execution
Critical Nessus Plugin ID 33285
SynopsisIt is possible to execute code on the remote tape backup manager.
DescriptionThe installed instance of AlphaStor Library Manager is vulnerable to a command execution flaw when it receives a packet with a 0x44 code.
Packet string argument is used unsanitized as a call to the 'system' function.
An unauthenticated, remote attacker may be able to exploit this flaw to execute code on the remote host with SYSTEM/root privileges.
SolutionFix is available in knowledgebase article emc186391.