TippingPoint Zero Day Initiative

 

EMC Control Center SST_SENDFILE Remote File Retrieval Vulnerability

ZDI-08-076: November 20th, 2008

CVE ID

Affected Vendors

EMC

Affected Products

Control Center

Vulnerability Details

This vulnerability allows remote attackers to retrieve arbitrary files on systems with vulnerable installations of EMC Control Center. Authentication is not required to exploit this vulnerability.

The specific flaw exists in the Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_SENDFILE requests the service does not validate the requestor allowing any remote attacker to download arbitrary files.

Vendor Response

EMC states:

Customers should upgrade to version 6.1 which contains the fix.

Disclosure Timeline

2008-11-10 - Vulnerability reported to vendor
2008-11-20 - Coordinated public release of advisory

Credit

This vulnerability was discovered by:

Anonymous

Published Advisories

ZDI-08-088: Oracle

• published 2008-12-16

ZDI-08-087: Microsoft

• published 2008-12-09

ZDI-08-086: Microsoft

• published 2008-12-09

ZDI-08-085: Microsoft

• published 2008-12-09

ZDI-08-084: Microsoft

• published 2008-12-09

Upcoming Advisories

Apple

• reported 2008-10-28, 71 days ago

Microsoft

• reported 2008-10-15, 84 days ago

Apple

• reported 2008-10-15, 84 days ago

Adobe

• reported 2008-10-15, 84 days ago

Microsoft

• reported 2008-09-23, 106 days ago

Recent Press

Apple updates Safari with 11 security fixes

• published 2008-11-13, CNET

Crashing The iPhone

• published 2008-11-03, Forbes

Apple issues major patch updates for QuickTime

• published 2008-09-10, ComputerWorld

Where on earth are these Microsoft patches?

• published 2008-08-14, ZDNet

Apple releases new Mac OS X 10.5.5

• published 2008-07-31, ITWire