CVE-2012-0406

Severity

78%

Complexity

99%

Confidentiality

115%

The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password.

The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password.

CVSS 2.0 Base Score 7.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C).

Overview

Type

EMC Data Protection Advisor

First reported 12 years ago

2012-04-20 04:02:00

Last updated 12 years ago

2012-08-14 03:33:00

Affected Software

EMC Data Protection Advisor 5.7 Service Pack 1

5.7

EMC Data Protection Advisor 5.8 Service Pack 1

5.8

References

http://aluigi.altervista.org/adv/dpa_1-adv.txt

Exploit

18688

20120418 ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities

1026956

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.