EMC AlphaStor Device Manager Command Injection

Added: 02/01/2013
CVE: CVE-2013-0928
BID: 57472
OSVDB: 89436

Background

EMC AlphaStor is a media lifecycle and tape library management product for enterprise environments.

Problem

EMC AlphaStor versions prior to 4.0 build 800 are vulnerable to remote command injection. The AlphaStor Device Manager (rrobotd.exe) contains a flaw that could be exploited to inject arbitrary commands via the DCP run command.

Resolution

Upgrade to version 4.0 build 800 or later.

References

http://secunia.com/advisories/51930/

Limitations

This exploit was tested against EMC AlphaStor 4.0 build 114 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).

Platforms

Windows
