ESA-2015-084: EMC AutoStart Packet Injection Vulnerability

Severity Rating: CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

EMC AutoStart versions 5.4.3 and prior (all platforms)
EMC AutoStart versions 5.5.0 and prior (all platforms)

EMC AutoStart is vulnerable to a packet injection vulnerability that could potentially be leveraged by a malicious attacker to run arbitrary commands remotely and compromise affected AutoStart nodes.

EMC AutoStart is vulnerable to a packet injection vulnerability due to insecure communication between the nodes of an AutoStart cluster. By sending a specifically crafted packet to the AutoStart agent (ftagent.exe) running on the remote system, it is possible to execute arbitrary commands with the highest privilege level of the affected system (NT AUTHORITY\SYSTEM privilege for Windows and root privilege for Linux platforms). Exploitation of this vulnerability requires an attacker to know the AutoStart domain name (if no default value is used) and the node list.

EMC strongly recommends all customers upgrade to the version listed below at the earliest opportunity:

Please contact EMC Technical Support to request the hotfix (reference hotfix 1073, service alert 1078). This hotfix is posted on and is available to EMC Technical Support to download and provide to the customer. Reference: hotfix 1073, service alert 1078.

EMC would like to thank CERT/CC for reporting this issue to us. We would also like to acknowledge and Anonymous working with HP's Zero Day Initiative and Brian Gorenc of HP's Zero Day Initiative who independently reported this issue to us.

Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-87.

For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831.