Post by Arne on Dec 2, 2008 20:47:05 GMT 1
CRITICAL: EMC Control Center Multiple Vulnerabilities

Affected: EMC Control Center versions 6.0 and prior

Description: EMC Control Center is a collection of applications to manage, discover, and monitor enterprise storage and other resources. It contains multiple vulnerabilities in its handling of user requests. A specially crafted "SENDFILE" request could allow an attacker to download arbitrary files from the vulnerable system. A specially crafted "CTGTRANS" object could result in a buffer overflow condition, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process (SYSTEM). Some technical details are publicly available for these vulnerabilities.

Status: Vendor confirmed, updates available. Users are advised to block access to TCP port 10444 at the network perimeter, if possible.

References:
Zero Day Initiative Advisories
zerodayinitiative.com/advisories/ZDI-08-075/
zerodayinitiative.com/advisories/ZDI-08-076/
Product Home Page
www.emc.com/products/family/controlcenter-family.htm
SecurityFocus BIDs
www.securityfocus.com/bid/32389
www.securityfocus.com/bid/32392

Source: www.sans.org