Secunia

Description
Some vulnerabilities have been reported in EMC DiskXtender, which can be exploited by malicious people to bypass certain security restrictions or by malicious users to compromise a vulnerable system.

1) The main components of the application (e.g. File System Manager, MediaStor, and License Server) contain hard-coded authentication credentials. This can be exploited by connecting and logging in through the RPC interface and gaining administrative access to the DiskXtender server.

2) A boundary error in the File System Manager component can be exploited to cause a stack-based buffer overflow by sending an overly long, specially crafted RPC request to the b157b800-aef5-11d3-ae49-00600834c15f RPC interface.

3) A format string error in the MediaStor component can be exploited by sending a specially crafted RPC request containing format string specifiers to the b157b800-aef5-11d3-ae49-00600834c15f RPC interface.

Successful exploitation of the vulnerabilities #2 and #3 allows execution of arbitrary code.

The vulnerabilities are reported in version 6.20.060 for Windows. Other versions may also be affected.

Solution
The vendor has issued updates. Contact EMC Software Technical Support or refer to knowledge base article emc184091:
Further details available in Customer Area

Provided and/or discovered by
Discovered by Stephen Fewer of Harmony Security and reported via iDefense Labs.

Original Advisory
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=683
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=684
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=685

Deep Links
Links available in Customer Area