| CVE ID | CVE-2013-0946 |
| CVSS SCORE | 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C |
| AFFECTED VENDORS |
EMC |
| AFFECTED PRODUCTS |
AlphaStor |
| VULNERABILITY DETAILS |
The specific flaw exists within Library Manager (robotd.exe) which listens by default on port 3500. When parsing the 0x4f command, the process copies an arbitrary user supplied string into fixed sized buffers. An attacker could leverage this vulnerability into remote execution of arbitrary code as SYSTEM. Vendor patched May 2013, but did not notify the ZDI. As a result this advisory is posted late.
|
| ADDITIONAL DETAILS |
EMC has issued an update to correct this vulnerability. More details can be found at:
http://www.securityfocus.com/archive/1/526568 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Aniway.Anyway@gmail.com |
