Check Point Advisories

Update Protection against EMC RepliStor rep_srv and ctrlservice Denial of Service

Check Point Reference: CPAI-2009-309
Date Published: 23 Dec 2009
Severity: High
Last Updated: Thursday 01 January, 2009
Source: Secunia Advisory: SA37092
Industry Reference:CVE-2009-3744
Protection Provided by:
Who is Vulnerable? EMC RepliStor 6.3.1.3 and prior
Vulnerability Description A denial of service vulnerability exists in EMC RepliStor. EMC RepliStor is a data recovery and protection system designed for Microsoft Windows. The vulnerability is due to an input validation error while parsing a specially crafted packet sent to 'rep_srv.exe' and 'ctrlservice.exe' services. Successful exploitation would cause a denial of service condition.
Update/Patch AvaliableThe vendor, EMC, has released an advisory addressing this vulnerability:https://powerlink.emc.com/
Vulnerability DetailsThe vulnerability is due to insufficient bounds checking on user supplied data while allocating a heap buffer for sepecific EMC packets. Remote unauthenticated attackers can exploit this vulnerability by sending a malicious packet to the services on ports 7144/TCP and 7145/TCP.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK