Data can be written to absolute or relative paths

May 4, 2015 13:50 GMT

Some versions of the EMC AutoStart software for monitoring and automating the restart of applications and data services can be exploited by a remote attacker to run arbitrary code on the machine.

EMC AutoStart is designed for quick recovery from failover scenarios in an enterprise environment. It allows business continuity by relaunching software solutions (clusters or single instances) on an alternate server running UNIX, Linux or Windows, in case of outages.

Glitch is exploitable by an unauthenticated third party

The remote code execution vulnerability is present in versions 5.5.0 and earlier of the product and can be exploited via specially crafted packets, according to a security advisory from Carnegie Mellon’s CERT (Computer Emergency Readiness Team).

Tracked as CVE-2015-0538, the security flaw has been reported by an anonymous researcher and has received a severity score of 9.3 out of 10, as per the CVSS (Common Vulnerability Scoring System) standard.

According to CERT, vulnerable versions of EMC AutoStart do not rely on secure communication between nodes, giving an unauthenticated attacker the possibility to inject malicious packets.

If the domain name used by AutoStart is known to the threat actor, they could run code with system or root privileges, which are the highest on a machine.

“By sending crafted packets to the ftagent running on the remote system, it is possible to run commands to write and execute data to an absolute or relative file path on the remote system,” explains the advisory.

New release is available, updating is a must

A hotfix is currently available in EMC AutoStart 5.5.0.508 (HF4), and it can be obtained by contacting the technical support service; users are urged to switch to the new release without delay.

CERT suggests that administrators restrict access by configuring their firewalls to allow TCP port 8045 only from trusted systems that run EMC AutoStart.
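As an added example, not taken from the advisory, the article or EMC's own documentation, the following POSIX shell script renders the access restriction CERT recommends as iptables rules: TCP 8045 is accepted only from a list of trusted AutoStart nodes, and every other connection attempt to that port is logged (rate-limited) and then dropped, so a scan or an unauthorised node shows up in the kernel log. The port number comes from the article; the node addresses, the log prefix and the output file path are constructed placeholders. Each entry in the trusted list is validated before any rule is printed, so a typo does not silently turn into an overly broad allow rule.

```shell
#!/bin/sh
# Added example: generate iptables rules that limit the EMC AutoStart agent port
# (TCP 8045, per the CERT advisory) to trusted AutoStart nodes.
# Node addresses and the log prefix are constructed placeholders.

AUTOSTART_PORT=8045

# Return 0 if $1 is a dotted-quad IPv4 address, optionally with a /0-/32 prefix.
is_ipv4_or_cidr() {
  case "$1" in
    *[!0-9./]*|"") return 1 ;;
  esac
  addr=${1%%/*}
  prefix=${1#*/}
  [ "$prefix" = "$1" ] && prefix=32          # no "/" present: host address
  [ "$prefix" -ge 0 ] 2>/dev/null && [ "$prefix" -le 32 ] || return 1
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in ""|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Print the iptables commands for the trusted nodes given as arguments.
# All arguments are validated first; on any bad entry nothing is printed and
# the function returns 1, so a partial rule set is never emitted.
gen_autostart_rules() {
  [ "$#" -gt 0 ] || { echo "no trusted nodes given; refusing to emit rules" >&2; return 1; }
  for node in "$@"; do
    is_ipv4_or_cidr "$node" || { echo "invalid trusted node: $node" >&2; return 1; }
  done
  for node in "$@"; do
    echo "iptables -A INPUT -p tcp --dport $AUTOSTART_PORT -s $node -m conntrack --ctstate NEW -j ACCEPT"
  done
  # Log denied attempts (rate-limited) so unexpected peers are visible in the kernel log.
  echo "iptables -A INPUT -p tcp --dport $AUTOSTART_PORT -m limit --limit 5/min -j LOG --log-prefix \"autostart-8045-deny: \""
  echo "iptables -A INPUT -p tcp --dport $AUTOSTART_PORT -j DROP"
}

# Usage (placeholder node addresses): review the generated file before applying it.
#   gen_autostart_rules 10.20.30.11 10.20.30.12 > /tmp/autostart-8045.rules
if [ "$#" -gt 0 ]; then
  gen_autostart_rules "$@"
fi
```

The rules are printed rather than applied directly so they can be reviewed, committed to configuration management and rolled out with the same change process as any other firewall change; the LOG rule in front of the final DROP is what gives the security team a detection signal for traffic to port 8045 from hosts that are not AutoStart nodes.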