News

posted on 29 May 2008 06:01

security organisation Secunia has issued a moderately critical advisory note concerning EMC's AlphaStor software product. EMC has issued a fix for this.

The advisory text reads:-

Some vulnerabilities have been reported in EMC AlphaStor, which can be exploited by malicious people to compromise a vulnerable system.

1) Multiple boundary errors within the AlphaStor Command Line Interface process of the Server Agent can be exploited to cause stack-based buffer overflows via specially crafted packets sent to default port 41025/TCP.
Successful exploitation allows execution of arbitrary code.

2) An input validation error in the "robotd" process of the Library Manager can be exploited to execute arbitrary programs on the system via a specially crafted packet sent to default port 3500/TCP.

The vulnerabilities are reported in version 3.1 SP1 for Windows. Other versions may also be affected.

AlphaStor is a software product for tape backup management. It is an integrated extension of Networker that enables users to schedule, track, and automate movement of all media regardless of location.

The EMC response is described in the knowledge base article: emc186391: https://powerlink.emc.com.

^{[Paul Roberts, news editor.]}