Remote Code Execution in DiskPulse Server

Critical Nessus Plugin ID 51095


The remote service has a buffer overflow.


A stack overflow vulnerability exists in the DiskPulse Server installed on the remote host.

By sending a specially crafted message to the server, a remote attacker can leverage this vulnerability to execute arbitrary code on the server with SYSTEM privileges.

Note that Nessus checked for this vulnerability by sending a specially crafted packet and checking the response, without crashing the service.

All 2.x versions 2.2 and below are known to be affected, and others may be as well.


Upgrade to version 2.3 as it appears to address the issue.

Plugin Details

Severity: Critical

ID: 51095

File Name: diskpulse_stack_overflow.nasl

Version: $Revision: 1.6 $

Type: remote

Agent: windows

Family: Windows

Published: 2010/12/09

Modified: 2014/10/24

Dependencies: 51093

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/10/12

Vulnerability Publication Date: 2010/10/12

Exploitable With

ExploitHub (EH-12-633)

Reference Information

BID: 43919