EUVD-2008-0970

Malware in sbrugna...

EUVD-2008-0969

Malware in sbrugna...

Stack overflow

Stack-based buffer overflow in the File System Manager for EMC DiskXtender 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted request to the RPC interface...

Format string

Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface...

CVE-2008-0961

EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface...

CVE-2008-0963

Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface...

CVE-2008-0962

Stack-based buffer overflow in the File System Manager for EMC DiskXtender 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted request to the RPC interface...

CVE-2008-0962

Stack-based buffer overflow in the File System Manager for EMC DiskXtender 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted request to the RPC interface...

CVE-2008-0961

EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface...

CVE-2008-0962

EMC DiskXtender 6.20.060’s File System Manager is affected by a stack-based buffer overflow in the RPC interface (UUID b157b800-aef5-11d3-ae49-00600834c15f) that can allow remote authenticated users to execute arbitrary code. The vulnerability arises from improper validation of string length in c...

CVE-2008-0963

EMC DiskXtender MediaStor 6.20.060 is affected by a format-string vulnerability in the RPC interface (UUID b157b800-aef5-11d3-ae49-00600834c15f). The service passes an unvalidated string to a formatting function, allowing remote authenticated users to execute arbitrary code with the privileges of...

CVE-2008-0961

EMC DiskXtender 6.20.060 (RPC interface) contains a hard-coded login and password that enables an unauthenticated remote attacker to bypass authentication and gain administrative access to the DiskXtender server. Affected component is DiskXtender’s RPC endpoints, enabling remote control and poten...

CVE-2008-0963

Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface...

iDefense Security Advisory 04.09.08: EMC DiskXtender File System Manager Stack Buffer Overflow Vulnerability

iDefense Security Advisory 04.09.08 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 09, 2008 I. BACKGROUND EMC DiskXtender is a data backup and migration suite. It consists of several applications that are used to manage storing large quantities of files across multiple storage devices...

iDefense Security Advisory 04.09.08: EMC DiskXtender MediaStor Format String Vulnerability

iDefense Security Advisory 04.09.08 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 09, 2008 I. BACKGROUND EMC DiskXtender is a data backup and migration suite. It consists of several applications that are used to manage storing large quantities of files across multiple storage devices...

iDefense Security Advisory 04.09.08: EMC DiskXtender Authentication Bypass Vulnerability

iDefense Security Advisory 04.09.08 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 09, 2008 I. BACKGROUND EMC DiskXtender is a data backup and migration suite. It consists of several applications that are used to manage storing large quantities of files across multiple storage devices...

EMC DiskXtender multiple security vulnerabilities

Authentication bypass, buffer overflow, format string vulnerability...

PT-2008-2569 · Emv · Emc Diskxtender

Name of the Vulnerable Software and Affected Versions: EMV DiskXtender version 6.20.060 Description: The issue allows remote attackers to bypass authentication due to a hard-coded login and password. This can be exploited via the RPC interface. Recommendations: For version 6.20.060, consider...

EMC DiskXtender文件系统管理器远程栈溢出漏洞

BUGTRAQ ID: 28728 CVECAN ID: CVE-2008-0962 EMC DiskXtender是一款数据备份、迁移套件。 DiskXtender产品的文件系统管理器组件存在栈溢出漏洞。在处理UUID为b157b800-aef5-11d3-ae49-00600834c15f的RPC接口上的请求时，服务没有正确地验证请求中字符串的长度，如果用户提交了超长请求的话就可以触发这个溢出，导致以受影响服务的权限执行任意代码。但必须通过认证才能利用这个漏洞。 EMC DiskXtender 6.20.60 EMC ---...

EMC DiskXtender默认凭据权限提升漏洞

BUGTRAQ ID: 28727 CVECAN ID: CVE-2008-0961 EMC DiskXtender是一款数据备份、迁移套件。 DiskXtender产品的主要组件包括文件系统管理器、MediaStor和证书服务器，这些组件都会创建可能远程访问的RPC端点。由于认证代码中包含有硬编码的登录和口令凭据，因此远程攻击者可以连接到这些RPC接口并使用这些凭据登录来绕过正常的认证过程，获得对DiskXtender服务器的管理访问。 EMC DiskXtender 6.20.60 EMC --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...