Release date:
Updated on:
Affected Systems:
EMC AutoStart 5.4.1
EMC AutoStart 5.4
EMC AutoStart 5.3
Unaffected Systems:
EMC AutoStart 5.4.3
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 53682
CVE ID: CVE-2012-0409
EMC AutoStart provides high availability for Oracle, Microsoft Exchange, and SQL Server cluster environments on a variety of operating systems, including UNIX, Linux, and Microsoft Windows. AutoStart can monitor applications, networks, servers, and storage, and automatically restart applications on backup servers (local or remote) in the event of planned or unplanned service interruptions. On request, AutoStart can also switch services, applications, and data back quickly and efficiently to ensure business continuity.
Versions of EMC AutoStart earlier than 5.4.3 contain multiple buffer overflow vulnerabilities in the handling of malicious packets sent to the proxy. Remote attackers can exploit these vulnerabilities to execute arbitrary code, or to cause the AutoStart agent to crash or restart.
<* Source: gwslabs.com
Link: http://www.securityfocus.com/archive/1/522835
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
EMC
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.emc.com/products/storage_management/navisphere.jsp