CVE-2013-0946 – EMC AlphaStor Library Manager 0x4f Command Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0946
Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor 4.0 before build 910 allows remote attackers to execute arbitrary code via crafted commands. Desbordamiento de búfer en el Library Control Program (LCP) en EMC AlphaStor v4.0 anterior al build 910 permite a atacantes remotos ejecutar código arbitrario mediante comandos especialmente diseñados. This vulnerability potentially allows remote attackers to execute arbitrary code on vulnerable installations of EMC AlphaStor for EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within Library Manager (robotd.exe) which listens by default on port 3500. When parsing the 0x4f command, the process copies an arbitrary user supplied string into fixed sized buffers. • https://www.exploit-db.com/exploits/42719 http://archives.neohapsis.com/archives/bugtraq/2013-05/0035.html http://www.securityfocus.com/bid/59794 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-0930 – EMC AlphaStor Device Manager 0x41 Command Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0930
Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 before build 814 allows remote attackers to execute arbitrary code via vectors involving a new device name. Desbodamiento de búfer del Drive Control Program (DCP) en EMC AlphaStor v4.0 antes de v814 que permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con un nuevo nombre de dispositivo. This vulnerability potentially allows remote attackers to execute arbitrary code on vulnerable installations of EMC AlphaStor for EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within Device Manager (rrobotd.exe) which listens by default on port 3000. When parsing the 0x41 command, the process creates a file path using user-supplied data which can exceed the size of the stack buffer used, allowing an attacker partial control over memory. • http://archives.neohapsis.com/archives/bugtraq/2013-01/0115.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-0929 – EMC AlphaStor Device Manager 0x75 Command Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0929
Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command. Vulnerabilidad en el formato de cadena en la función _vsnsprintf en rrobotd.exe en el Administrador de dispositivos de EMC AlphaStor v4.0 antes de build 800 que permite a atacantes remotos ejecutar código arbitrario a través de especificadores de formato de cadena en un comando. This vulnerability potentially allows remote attackers to execute arbitrary code on vulnerable installations of EMC AlphaStor for EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within Device Manager (rrobotd.exe) which listens by default on port 3000. When parsing the 0x75 command, the process uses unfiltered user supplied data as a format string, allowing an attacker partial control over memory. • http://archives.neohapsis.com/archives/bugtraq/2013-01/0078.html http://www.securityfocus.com/bid/57472 • CWE-134: Use of Externally-Controlled Format String •
CVE-2013-0928 – EMC AlphaStor Device Manager 0x75 Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0928
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation. El procesador de comandos NetWorker en rrobotd.exe en el Administrador de dispositivos de EMC AlphaStor 4.0 antes de build 800 permite a atacantes remotos ejecutar código arbitrario a través de un DCP, operación "ejecutar comando" . This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AlphaStor for EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within Device Manager (rrobotd.exe) which listens by default on port 3000. When parsing the 0x75 command, the process does not properly filter the user supplied data allowing for arbitrary command injection and execution. • https://www.exploit-db.com/exploits/34756 http://archives.neohapsis.com/archives/bugtraq/2013-01/0078.html http://www.exploit-db.com/exploits/34756 http://www.securityfocus.com/bid/57472 http://www.zerodayinitiative.com/advisories/ZDI-13-033 - • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2008-2157 – EMC AlphaStor Device Manager Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2008-2157
robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500. robotd en la Library Manager de EMC AlphaStor 3.1 SP1 para Windows, permite a atacantes remotos ejecutar comandos de su elección mediante un campo de cadena no especificado en un paquete al puerto TCP 3500. EMC AlphaStor Library Manager is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=703 http://secunia.com/advisories/30410 http://securitytracker.com/id?1020116 http://www.vupen.com/english/advisories/2008/1670 https://exchange.xforce.ibmcloud.com/vulnerabilities/42671 • CWE-20: Improper Input Validation •