CyberSec.Space Logo
CVEブラウザに戻る

CVE-2009-1120

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0670%
EPSS Percentile10.03th
Published2020年1月15日
Last Modified2024年11月21日

Vulnerability Description

EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the rep_srv.exe process- where the vulnerability is caused by an error when the rep_srv.exe handles a specially crafted packet sent by an unauthenticated attacker.

Affected Platforms (CPE)

📦
Dell

Emc Replistor

< esa-09-003

References & Advisories

🔗 http://www.zerodayinitiative.com/advisories/ZDI-09-068/
🔗 https://fortiguard.com/encyclopedia/ips/17967/emc-replistor-server-service-doasocommand-code-execution
🔗 http://www.zerodayinitiative.com/advisories/ZDI-09-068/
🔗 https://fortiguard.com/encyclopedia/ips/17967/emc-replistor-server-service-doasocommand-code-execution

関連する脆弱性情報

CVE-2007-532310.0

The RepliStor Server Service in EMC Replistor 6.1.3 allows remote attackers to execute arbitrary code via a size value that causes...

CVE-2009-111910.0

Multiple heap-based buffer overflows in EMC RepliStor 6.2 before SP5 and 6.3 before SP2 allow remote attackers to execute arbitrar...

CVE-2007-64267.8

Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and possibly earlier versions, allow remote attackers to execute ar...

CVE-2009-37445.0

rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote attackers to cause a denial of service via a crafted packet to T...