Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor 4.0 before build 910 allows remote attackers to execute arbitrary code via crafted commands.
Desbordamiento de búfer en el Library Control Program (LCP) en EMC AlphaStor v4.0 anterior al build 910 permite a atacantes remotos ejecutar código arbitrario mediante comandos especialmente diseñados.
This vulnerability potentially allows remote attackers to execute arbitrary code on vulnerable installations of EMC AlphaStor for EMC Networker. Authentication is not required to exploit this vulnerability.
The specific flaw exists within Library Manager (robotd.exe) which listens by default on port 3500. When parsing the 0x4f command, the process copies an arbitrary user supplied string into fixed sized buffers. An attacker could leverage this vulnerability into remote execution of arbitrary code as SYSTEM.
Vendor patched May 2013, but did not notify the ZDI. As a result this advisory is posted late.
