Critical security hole in EMC AutoStart closed
A critical security hole in EMC AutoStart that made it possible to execute code remotely has been closed. Authentication was not required to exploit this vulnerability. According to the Zero Day Initiative (ZDI) report, the specific flaw exists in the Backbone service (ftbackbone.exe), which listens by default on TCP port 8042.
The process trusts a DWORD value taken from incoming packets and calls it as a code address without validating it. Exploitation of this issue leads to code execution under the context of the SYSTEM user. The problem affects versions of EMC AutoStart prior to 5.3 SP2. Updating to EMC AutoStart 5.3 SP2 should eliminate the problem.
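The trusted-pointer pattern described above, shown next to a bounds-checked dispatch, as an added example that is neither EMC's code nor taken from the ZDI advisory. The message layout, the handler names and both dispatch functions are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed message layout (assumption, not the real Backbone protocol):
 *   bytes 0..3  little-endian DWORD selecting the operation
 *   bytes 4..   payload */
typedef int (*handler_fn)(const uint8_t *payload, size_t len);

static int op_ping(const uint8_t *p, size_t n)   { (void)p; (void)n; return 1; }
static int op_status(const uint8_t *p, size_t n) { (void)p; return (int)n; }

/* Handlers live in a read-only table owned by the server. */
static const handler_fn HANDLERS[] = { op_ping, op_status };
#define N_HANDLERS (sizeof HANDLERS / sizeof HANDLERS[0])

static uint32_t read_le32(const uint8_t *b) {
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 |
           (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Flawed pattern of the kind the report describes: the DWORD from the
 * wire is treated as a code address. Shown for contrast; never call it. */
int dispatch_trusting(const uint8_t *msg, size_t len) {
    if (len < 4) return -1;
    handler_fn f = (handler_fn)(uintptr_t)read_le32(msg);
    return f(msg + 4, len - 4);
}

/* Hardened form: the DWORD is only an index, checked against the table,
 * so the peer can select a handler but never supply an address. */
int dispatch_checked(const uint8_t *msg, size_t len) {
    if (msg == NULL || len < 4) return -1;   /* truncated header */
    uint32_t op = read_le32(msg);
    if (op >= N_HANDLERS) return -2;         /* unknown operation: reject */
    return HANDLERS[op](msg + 4, len - 4);
}
```

In the checked version a DWORD outside the table is rejected with an error code instead of being executed, which is the property the flawed service lacked.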
See also:
- EMC AutoStart Backbone Engine Trusted Pointer Code Execution Vulnerability, an advisory from the Zero Day Initiative
- EMC buys parts of SourceLabs, a heise online UK report
(crve)