Lucene search

SAINT CorporationSAINT:09DD3E12D15B67E7F44197EA13FC90E6

HistoryJun 16, 2008 - 12:00 a.m.

HP StorageWorks Storage Mirroring DoubleTake.exe encoded authentication overflow

2008-06-1600:00:00

SAINT Corporation

my.saintcorporation.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.937 High

EPSS

Percentile

99.1%

JSON

Added: 06/16/2008
CVE: CVE-2008-1661
OSVDB: 45924

Background

HP StorageWorks is a virtualized storage solution for mid-sized customers.

Problem

A buffer overflow vulnerability in the **DoubleTake.exe** process allows remote attackers to execute arbitrary commands by sending a long, specially crafted encoded authentication request.

Resolution

Download HP StorageWorks Storage Mirroring 4.5 SP2 or 5.0 or higher.

References

<http://archives.neohapsis.com/archives/bugtraq/2008-06/0015.html>
<http://www.zerodayinitiative.com/advisories/ZDI-08-034/>

Limitations

Exploit works on HP StorageWorks Storage Mirroring 4.5.0.1653.

Platforms

Windows

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.937 High

EPSS

Percentile

99.1%

JSON

Related for SAINT:09DD3E12D15B67E7F44197EA13FC90E6