Disk Pulse Server GetServerInfo buffer overflow

Added: 12/10/2010
BID: 43919

Background

Disk Pulse is a disk change monitoring solution.

Problem

A buffer overflow vulnerability in Disk Pulse Server allows remote attackers to execute arbitrary commands by sending a specially crafted GetServerInfo request to port 9120/TCP.

Resolution

Upgrade to a fixed version when available. Versions 2.2.34 and prior are known to be affected by this vulnerability.

References

http://secunia.com/advisories/41745

Limitations

The exploit works against Disk Pulse Server 2.2.34 running on Windows Server 2003 SP2 (DEP OptOut) with security updates KB956802 and KB956572.

Platforms

Windows Server 2003
