EMC Data Protection Advisor NULL Pointer Dereference Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running EMC Data Protection Advisor and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow attackers to cause denial of service condition. Impact Level: Application

Solution

Vendor has released a patch to fix this issue, please refer below link for patch details. http://seclists.org/bugtraq/2012/Apr/att-132/ESA-2012-018.txt

Insight

The flaw is due to an NULL pointer dereference error in the DPA Controller and Listener service when processing certain authentication packets sent to port 3916/TCP and 4001/TCP, which could be exploited by remote attackers to crash an affected server.

Affected

EMC Data Protection Advisor version 5.8.1 Build 5991 and prior

References

http://aluigi.altervista.org/adv/dpa_1-adv.txt
http://forums.cnet.com/7726-6132_102-5292999.html
http://secunia.com/advisories/48658
http://securitytracker.com/id/1026878
http://www.exploit-db.com/exploits/18688/
http://www.securityfocus.com/archive/1/522408/30/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0406, CVE-2012-0407
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

7-Zip Unspecified Archive Handling Vulnerability (Win)
FlashGet FTP PWD Response Remote Buffer Overflow Vulnerability
BlackIce DoS (ping flood)
AzeoTech DAQFactory Denial of Service Vulnerability
Apache 'mod_proxy_http.c' Denial Of Service Vulnerability

EMC Data Protection Advisor NULL Pointer Dereference Denial of Service Vulnerability

Take action and discover your vulnerabilities