EMC Replication Manager irccd.exe RunProgram Message Handling Arbitrary Command Execution

critical Nessus Plugin ID 40849


Arbitrary code can be executed on the remote host.


The remote host is running EMC Replication Manager Client Control Daemon.

The remote version of this software is affected by a remote command execution vulnerability.

An unauthenticated attacker can exploit this flaw by sending a specially crafted packet to the remote host. Successful exploitation would result in remote code execution with the privileges of the daemon itself.


Install EMC Replication Manager patch as described on the EMC support website. The following EMC products resolve this issue :

- EMC Replication Manager 5.0 SP6 Security Patch
- EMC Replication Manager 5.1 SP6 Security Patch
- EMC Replication Manager 5.2 Security Patch
- EMC Replication Manager 5.2 SP1 Security Patch

See Also




Plugin Details

Severity: Critical

ID: 40849

File Name: emc_rmcclient.nbin

Version: 1.66

Type: remote

Published: 9/2/2009

Updated: 3/8/2023

Risk Information


Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/7/2009

Vulnerability Publication Date: 8/7/2009

Reference Information

BID: 35998

Secunia: 36251