CVE-2012-0406

EMC DPA 5.5-5.8 SP1 - DoS

Title source: llm

Description

The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · textdoshardware

https://www.exploit-db.com/exploits/18688

View Code ZIP pw:eip

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://aluigi.altervista.org/adv/dpa_1-adv.txt

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/522408/30/0/threaded

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18688/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1026956

Scores

EPSS 0.1176

EPSS Percentile 93.7%

Details

CWE

CWE-264

Status published

Products (4)

emc/data_protection_advisor 5.5 (2 CPE variants)

emc/data_protection_advisor 5.6 (2 CPE variants)

emc/data_protection_advisor 5.7 (2 CPE variants)

emc/data_protection_advisor 5.8 (2 CPE variants)

Published Apr 20, 2012

Tracked Since Feb 18, 2026