Lucene search

SAINT CorporationSAINT:09DD3E12D15B67E7F44197EA13FC90E6

HistoryJun 16, 2008 - 12:00 a.m.

HP StorageWorks Storage Mirroring DoubleTake.exe encoded authentication overflow

2008-06-1600:00:00

SAINT Corporation

my.saintcorporation.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.929

Percentile

99.1%

JSON

Added: 06/16/2008
CVE: CVE-2008-1661
OSVDB: 45924

Background

HP StorageWorks is a virtualized storage solution for mid-sized customers.

Problem

A buffer overflow vulnerability in the **DoubleTake.exe** process allows remote attackers to execute arbitrary commands by sending a long, specially crafted encoded authentication request.

Resolution

Download HP StorageWorks Storage Mirroring 4.5 SP2 or 5.0 or higher.

References

<http://archives.neohapsis.com/archives/bugtraq/2008-06/0015.html>
<http://www.zerodayinitiative.com/advisories/ZDI-08-034/>

Limitations

Exploit works on HP StorageWorks Storage Mirroring 4.5.0.1653.

Platforms

Windows

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.929

Percentile

99.1%

JSON

Related for SAINT:09DD3E12D15B67E7F44197EA13FC90E6