‘EMC Documentum eRoom Indexing Server OpenText Code Execution Vulnerability’

Summary

The EMC Documentum eRoom Indexing Server OpenText HummingBird Connector Code Execution Vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Documentum eRoom Indexing Server.’

Credit:

‘The information has been provided by Stephen Fewer.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-11-236/


Details

Vulnerable Systems:
 * EMC Documentum eRoom Indexing Server

Authentication is not required to exploit this vulnerability.

The specific flaw exists within the bundled implementation of OpenText’s HummingBird Connector. When parsing a particular packet received from a TCP connection, the application will attempt to copy part of the packet’s contents into a buffer located on the stack. Due to not completely accommodating for the size of the data in the packet, the application will overwrite variables positioned after the buffer. This can lead to code execution under the context of the server.

Patch Availability:
EMC has issued an update to correct this vulnerability. More details can be found at:
http://www.securityfocus.com/archive/1/518897/30/0/threaded

CVE Information:
CVE-2011-1741

Disclosure Timeline:
2011-01-21 – Vulnerability reported to vendor
2011-07-18 – Coordinated public release of advisory’

Categories: News