Disk Pulse Server GetServerInfo buffer overflow
Added: 12/10/2010
BID: 43919
Background
Disk Pulse is a disk change monitoring solution.
Problem
A buffer overflow vulnerability in Disk Pulse Server allows remote attackers to execute arbitrary commands by sending a specially crafted GetServerInfo request to port 9120/TCP.
Resolution
Upgrade to a fixed version when available. Versions 2.2.34 and prior are known to be affected by this vulnerability.
References
http://secunia.com/advisories/41745
Limitations
Exploit works on Disk Pulse Server 2.2.34 on Windows Server 2003 SP2 (DEP OptOut) with security updates KB956802 and KB956572.
Platforms
Windows Server 2003