TITLE:
EMC DiskXtender Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA29778

VERIFY ADVISORY:
http://secunia.com/advisories/29778/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, System access

WHERE:
From local network

SOFTWARE:
EMC DiskXtender 6.x
http://secunia.com/product/18302/

DESCRIPTION:
Some vulnerabilities have been reported in EMC DiskXtender, which can be exploited by malicious people to bypass certain security restrictions or by malicious users to compromise a vulnerable system.

1) The main components of the application (e.g. File System Manager, MediaStor, and License Server) contain hard-coded authentication credentials. This can be exploited by connecting and logging in through the RPC interface and gaining administrative access to the DiskXtender server.

2) A boundary error in the File System Manager component can be exploited to cause a stack-based buffer overflow by sending an overly long, specially crafted RPC request to the b157b800-aef5-11d3-ae49-00600834c15f RPC interface.

3) A format string error in the MediaStor component can be exploited by sending a specially crafted RPC request containing format string specifiers to the b157b800-aef5-11d3-ae49-00600834c15f RPC interface.

Successful exploitation of the vulnerabilities #2 and #3 allows execution of arbitrary code.
The vulnerabilities are reported in version 6.20.060 for Windows. Other versions may also be affected.

SOLUTION:
The vendor has issued updates. Contact EMC Software Technical Support or refer to knowledge base article emc184091:
https://powerlink.emc.com/

PROVIDED AND/OR DISCOVERED BY:
Discovered by Stephen Fewer of Harmony Security and reported via iDefense Labs.

ORIGINAL ADVISORY:
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=683
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=684
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=685
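For monitoring exposure of the RPC interface named in items 2 and 3 while updates are rolled out, the following added example (not part of the Secunia advisory or of any vendor tooling) parses DCE/RPC bind and alter_context PDUs and reports sources outside an allow-list that request interface b157b800-aef5-11d3-ae49-00600834c15f. The function names, the sample addresses and the constructed PDUs are assumptions made for illustration.

```python
import struct
import uuid

# Interface UUID the advisory names for issues 2 and 3.
DISKXTENDER_IF = uuid.UUID("b157b800-aef5-11d3-ae49-00600834c15f")
NDR_SYNTAX = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")  # standard NDR
BIND, ALTER_CONTEXT = 11, 14  # DCE/RPC PDU types that carry a context list


def bound_interfaces(pdu):
    """Interface UUIDs requested by a bind/alter_context PDU, else []."""
    if len(pdu) < 28 or pdu[0] != 5 or pdu[2] not in (BIND, ALTER_CONTEXT):
        return []
    little = (pdu[4] & 0xF0) == 0x10  # packed_drep: integer byte order
    (frag_len,) = struct.unpack_from("<H" if little else ">H", pdu, 8)
    limit, off, found = min(frag_len, len(pdu)), 28, []
    for _ in range(pdu[24]):  # n_context_elem
        if off + 24 > limit:
            break  # truncated element: report only what parsed cleanly
        raw = pdu[off + 4:off + 20]  # abstract syntax if_uuid
        found.append(uuid.UUID(bytes_le=raw) if little else uuid.UUID(bytes=raw))
        off += 24 + 20 * pdu[off + 2]  # skip if_version and transfer syntaxes
    return found


def unexpected_binds(events, allowed_sources):
    """Sources outside the allow-list that bind to the DiskXtender interface."""
    return [src for src, pdu in events
            if src not in allowed_sources and DISKXTENDER_IF in bound_interfaces(pdu)]


def build_bind(if_uuid, little=True):
    """Constructed sample input: a bind PDU with one context for if_uuid."""
    e = "<" if little else ">"
    enc = (lambda u: u.bytes_le) if little else (lambda u: u.bytes)
    body = struct.pack(e + "HHI", 4280, 4280, 0) + bytes([1, 0, 0, 0])
    body += struct.pack(e + "HBB", 0, 1, 0) + enc(if_uuid) + struct.pack(e + "HH", 1, 0)
    body += enc(NDR_SYNTAX) + struct.pack(e + "I", 2)
    head = bytes([5, 0, BIND, 3, 0x10 if little else 0, 0, 0, 0])
    return head + struct.pack(e + "HHI", 16 + len(body), 0, 1) + body


if __name__ == "__main__":
    # Constructed events: (source address, first client PDU on the connection).
    other = uuid.UUID("00000000-0000-0000-0000-000000000001")
    events = [("10.0.0.5", build_bind(DISKXTENDER_IF)),
              ("10.0.0.9", build_bind(DISKXTENDER_IF, little=False)),
              ("10.0.0.7", build_bind(other))]
    print(unexpected_binds(events, allowed_sources={"10.0.0.5"}))
```

The first three UUID fields follow the byte order announced in the PDU's data representation, so a byte-for-byte match on the textual UUID misses little-endian binds; the parser decodes both orders before comparing.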