CVE-2007-6426 - Buffer Errors vulnerability in EMC Replistor 6.2sp2

Publication

2008-02-21

Last modification

2018-10-15

Summary

Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and possibly earlier versions, allow remote attackers to execute arbitrary code via crafted compressed data.

Description

EMC RepliStor is prone to multiple remote heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input. A remote attacker may be able to exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition. These issues affect EMC RepliStor 6.2 SP2; other versions may also be affected.

Solution

The vendor released updates and a knowledgebase article (emc179808) to address these issues. Please contact the vendor for information on obtaining and applying these updates.

Exploit

Currently we are not aware of any working exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: info@vumetric.com.

Classification

CWE-119 - Buffer Errors

Risk level (CVSS AV:N/AC:L/Au:N/C:N/I:C/A:N)

High

7.8

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
EMC Replistor  6.2Sp2