Multiple Denial-of-Service vulnerabilities in EMC Documentum Sert Server

Release date:
Updated on:

Affected Systems:
Emc rem License Server <= 4.6.1.1995
Description:
--------------------------------------------------------------------------------
A security server contains a database that stores the encryption keys required for users to access protected content.

Multiple vulnerabilities in the implementation of EMC Documentum Sert Server can be exploited by malicious users to cause denial of service.

1) there is a null pointer reference error when processing the version compatibility check request, which can be exploited to cause a crash;

2) unknown details error occurred when processing commands with invalid IDs, which can be exploited to consume server resources;

3) There is a null pointer reference error when sending post-processing commands in the version compatibility check request, which can be exploited to cause a crash;

<* Source: Luigi Auriemma (aluigi@pivx.com)

Link: http://aluigi.altervista.org/adv/irm_1-adv.txt
Http://secunia.com/advisories/48690/
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

EMC
---
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://www.emc.com/products/storage_management/navisphere.jsp