CVE-2008-5420 – EMC Control Center SST_SENDFILE Remote File Retrieval Vulnerability
https://notcve.org/view.php?id=CVE-2008-5420
The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files. El servicio SAN Manager Master Agent (alias msragent.exe)en EMC Control Center anterior 6.1 no autentica adecuadamente peticiones SST_SENDFILE, las cuales permiten a atacantes remotos leer archivos de su elección. This vulnerability allows remote attackers to retrieve arbitrary files on systems with vulnerable installations of EMC Control Center. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_SENDFILE requests the service does not validate the requestor allowing any remote attacker to download arbitrary files. • http://osvdb.org/50032 http://secunia.com/advisories/32801 http://securityreason.com/securityalert/4709 http://www.securityfocus.com/archive/1/498556/100/0/threaded http://www.securityfocus.com/bid/32392 http://www.securitytracker.com/id?1021263 http://www.vupen.com/english/advisories/2008/3220 http://www.zerodayinitiative.com/advisories/ZDI-08-076 https://exchange.xforce.ibmcloud.com/vulnerabilities/46753 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-5419 – EMC Control Center SST_CTGTRANS Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-5419
Stack-based buffer overflow in SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center 5.2 SP5 and 6.0 allows remote attackers to execute arbitrary code via multiple SST_CTGTRANS requests. Desbordamiento de búfer basado en pila en SAN Manager Master Agent service (antes conocido como msragent.exe) en EMC Control Center v5.2 SP5 and v6.0 permite a atacantes remotos ejecutar código a su elección a través de la ejecución de código a través de múltiples peticiones SST_CTGTRANS. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC Control Center. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_CTGTRANS requests the process copies packet data into a fixed length stack buffer. • http://osvdb.org/50031 http://secunia.com/advisories/32801 http://securityreason.com/securityalert/4710 http://www.securityfocus.com/archive/1/498555/100/0/threaded http://www.securityfocus.com/bid/32389 http://www.securitytracker.com/id?1021262 http://www.vupen.com/english/advisories/2008/3220 http://www.zerodayinitiative.com/advisories/ZDI-08-075 https://exchange.xforce.ibmcloud.com/vulnerabilities/46751 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •