EMC Replication Manager irccd.exe RunProgram Message Handling Arbitrary Command Execution

Critical Nessus Plugin ID 40849


Arbitrary code can be executed on the remote host.


The remote host is running EMC Replication Manager Client Control Daemon.

The remote version of this software is affected by a remote command execution vulnerability.

An unauthenticated attacker can exploit this flaw by sending a specially crafted packet to the remote host. Successful exploitation would result in remote code execution with the privileges of the daemon itself.


Install EMC Replication Manager patch as described on the EMC support website. The following EMC products resolve this issue :

- EMC Replication Manager 5.0 SP6 Security Patch
- EMC Replication Manager 5.1 SP6 Security Patch
- EMC Replication Manager 5.2 Security Patch
- EMC Replication Manager 5.2 SP1 Security Patch

See Also




Plugin Details

Severity: Critical

ID: 40849

File Name: emc_rmcclient.nbin

Version: $Revision: 1.28 $

Type: remote

Published: 2009/09/02

Modified: 2018/01/29

Dependencies: 40850

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/08/07

Vulnerability Publication Date: 2009/08/07

Reference Information

BID: 35998

OSVDB: 56864

Secunia: 36251