EMC Autostart ftAgent Overflow

2011-09-19T00:00:00
ID SAINT:1367553F5C5624AB4EA760091D288775
Type saint
Reporter SAINT Corporation
Modified 2011-09-19T00:00:00

Description

Added: 09/19/2011
CVE: CVE-2011-2735
BID: 49238
OSVDB: 74597

Background

EMC AutoStart is a cross-platform high-availability clustering solution.

Problem

The Agent Service of EMC AutoStart listens on TCP port 8045 and is vulnerable to a heap overflow when parsing malformed messages with opcode 0x11.

Resolution

Upgrade to EMC AutoStart 5.4.1 or later.

References

<http://www.securityfocus.com/archive/1/519371>
<http://www.siberas.de/advisories/advisories_2011.html>

Limitations

This exploit has been tested against EMC AutoStart 5.4.0 on Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2393802 and Windows Server 2008 SP2 (DEP AlwaysOff).

Platforms

Windows Server 2003
Windows Server 2008