In association with heise online

26 January 2009, 11:11

Critical security hole in EMC AutoStart closed

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A critical security hole in EMC AutoStart that made it possible to remotely execute code, has been closed. Authentication was not required to exploit this vulnerability. According to the Zero Day Initiative (ZDI) report the specific flaw exists in the Backbone service (ftbackbone.exe), which listens by default on TCP port 8042.

The process trusts a DWORD value from incoming packets which it arbitrarily calls. Exploitation of this issue leads to code execution under the context of the SYSTEM user. The problem appears in previous versions of EMI AutoStart prior to 5.3 SP2. Updating to EMC autostart 5.3 SP2 should eliminated the problem.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit