EMC Autostart ftAgent Overflow

Added: 09/19/2011
CVE: CVE-2011-2735
BID: 49238
OSVDB: 74597

Background

EMC AutoStart is a cross-platform high-availability clustering solution.

Problem

The Agent Service of EMC AutoStart listens on TCP port 8045 and is vulnerable to a heap overflow when parsing malformed messages with opcode 0x11.

Resolution

Upgrade to EMC AutoStart 5.4.1 or later.

References

http://www.securityfocus.com/archive/1/519371
http://www.siberas.de/advisories/advisories_2011.html

Limitations

This exploit has been tested against EMC AutoStart 5.4.0 on Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2393802 and Windows Server 2008 SP2 (DEP AlwaysOff).

Platforms

Windows Server 2003
Windows Server 2008

Back to exploit index