CVE-2012-0406

Name of the Vulnerable Software and Affected Versions EMC Data Protection Advisor versions 5.5 through 5.8 SP1

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by exploiting the DPA Utilities.cProcessAuthenticationData function. This can be achieved by sending an AUTHENTICATECONNECTION command that either lacks a password field or has an empty password.

Recommendations For versions 5.5 through 5.8 SP1, as a temporary workaround, consider restricting access to the DPA Utilities.cProcessAuthenticationData function until a patch is available. Avoid using the AUTHENTICATECONNECTION command with empty or missing password fields in the affected versions. At the moment, there is no information about a newer version that contains a fix for this issue.