Title: EMC DiskXtender MediaStor RPC Interface Format String Vulnerability
Severity: CRITICAL
Description:
EMC DiskXtender is a suite of software components used for data backup and migration; it is available for UNIX, Linux, and Windows operating systems.
EMC DiskXtender is prone to a format-string vulnerability because it fails to adequately sanitize user-supplied input before passing it to a formatted-printing function.
This issue affects the MediaStor component when handling specially crafted strings in requests to the RPC interface. The RPC interface is identified by UUID 'b157b800-aef5-11d3-ae49-00600834c15f'.
Authenticated attackers can leverage this issue to execute arbitrary code in the context of the application, which typically runs with SYSTEM privileges. Successful exploits will compromise affected computers. Failed attacks will likely cause denial-of-service conditions.
DiskXtender 6.20.060 for Windows is vulnerable; other versions may also be affected.
Affected Products:
- EMC DiskXtender 6.20.060
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
