CVE-2011-2735
EMC Autostart ftAgent Opcode 0x11 Parsing Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.1 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted message over TCP.
Múltiples desbordamientos de búfer en EMC AutoStart v5.3.x y v5.4.x antes de v5.4.1 permite a atacantes remotos causar una denegación de servicio (caída del demonio) o posiblemente ejecutar código de su elección mediante el envío de un mensaje manipulado a través de TCP.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is not required to exploit this vulnerability.
The specific flaw exists in the Agent Service (ftAgent.exe). The Agent Service listens on TCP port 8045 for communications between AutoStart nodes. When handling messages with opcode 0x11 the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. Remote unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which can ultimately lead to arbitrary code execution under the context of the SYSTEM user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-07-13 CVE Reserved
- 2011-08-19 CVE Published
- 2024-07-21 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/8352 | Third Party Advisory | |
| http://securitytracker.com/id?1025958 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/519371/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/49238 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/69296 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/45703 | 2018-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Emc Search vendor "Emc" | Autostart Search vendor "Emc" for product "Autostart" | 5.3 Search vendor "Emc" for product "Autostart" and version "5.3" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Autostart Search vendor "Emc" for product "Autostart" | 5.3 Search vendor "Emc" for product "Autostart" and version "5.3" | sp1 |
Affected
| ||||||
| Emc Search vendor "Emc" | Autostart Search vendor "Emc" for product "Autostart" | 5.3 Search vendor "Emc" for product "Autostart" and version "5.3" | sp2 |
Affected
| ||||||
| Emc Search vendor "Emc" | Autostart Search vendor "Emc" for product "Autostart" | 5.3 Search vendor "Emc" for product "Autostart" and version "5.3" | sp3 |
Affected
| ||||||
| Emc Search vendor "Emc" | Autostart Search vendor "Emc" for product "Autostart" | 5.4 Search vendor "Emc" for product "Autostart" and version "5.4" | - |
Affected
| ||||||