EMC Replication Manager irccd.exe RunProgram Message Handling Arbitrary Command Execution

critical Nessus Plugin ID 40849

Language:

Synopsis

Arbitrary code can be executed on the remote host.

Description

The remote host is running EMC Replication Manager Client Control Daemon.

The remote version of this software is affected by a remote command execution vulnerability.

An unauthenticated attacker can exploit this flaw by sending a specially crafted packet to the remote host. Successful exploitation would result in remote code execution with the privileges of the daemon itself.

Solution

Install EMC Replication Manager patch as described on the EMC support website. The following EMC products resolve this issue :

 - EMC Replication Manager 5.0 SP6 Security Patch
 - EMC Replication Manager 5.1 SP6 Security Patch
 - EMC Replication Manager 5.2 Security Patch
 - EMC Replication Manager 5.2 SP1 Security Patch

See Also

https://www.zerodayinitiative.com/advisories/ZDI-09-051/

https://seclists.org/bugtraq/2009/Aug/59

http://powerlink.emc.com/

Plugin Details

Severity: Critical

ID: 40849

File Name: emc_rmcclient.nbin

Version: 1.66

Type: remote

Published: 9/2/2009

Updated: 3/8/2023

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/7/2009

Vulnerability Publication Date: 8/7/2009

Reference Information

BID: 35998

Secunia: 36251