Lucene search

SAINT CorporationSAINT:3A5184D6913841C7D629793491B3D582

HistoryJun 16, 2008 - 12:00 a.m.

HP StorageWorks Storage Mirroring DoubleTake.exe encoded authentication overflow

2008-06-1600:00:00

SAINT Corporation

download.saintcorporation.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.943 High

EPSS

Percentile

99.0%

JSON

Added: 06/16/2008
CVE: CVE-2008-1661
OSVDB: 45924

Background

HP StorageWorks is a virtualized storage solution for mid-sized customers.

Problem

A buffer overflow vulnerability in the **DoubleTake.exe** process allows remote attackers to execute arbitrary commands by sending a long, specially crafted encoded authentication request.

Resolution

Download HP StorageWorks Storage Mirroring 4.5 SP2 or 5.0 or higher.

References

<http://archives.neohapsis.com/archives/bugtraq/2008-06/0015.html>
<http://www.zerodayinitiative.com/advisories/ZDI-08-034/>

Limitations

Exploit works on HP StorageWorks Storage Mirroring 4.5.0.1653.

Platforms

Windows

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.943 High

EPSS

Percentile

99.0%

JSON

Related for SAINT:3A5184D6913841C7D629793491B3D582