Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5420

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2008-5420
Last Modified 07 Mar 2011 10:14:34
Published 10 Dec 2008 09:00:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5420

Summary

The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files.

Vulnerable Systems

Application

  • Emc Control Center 5.2

  • Emc Control Center 6.0


References

XF - controlcenter-msragent-file-download(46753)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-076/

VUPEN - ADV-2008-3220

SECTRACK - 1021263

BID - 32392

BUGTRAQ - 20081120 ZDI-08-076: EMC Control Center SAN Manager SST_SENDFILE Remote File Retrieval Vulnerability

SREASON - 4709

SECUNIA - 32801

OSVDB - 50032


Last Updated: 27 May 2016 10:48:48