These vulnerabilities are being published as per the ZDI disclosure changes announced in August of 2010.
ZDI-CAN-614
Title:
EMC Replication Manager Client irccd.exe Remote Code Execution Vulnerability
Advisory:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Replication Manager Client. Authentication is not required to exploit this vulnerability.
The Replication Manager client installs a service binds the irccd.exe process to TCP port 6542. This service accepts commands using an XML-based protocol. It exposes a vulnerability through it's RunProgram functionality. By abusing this function an attacker can execute arbitrary code under the context of currently logged in user.
Mitigation:
As the affected process is bound to a TCP port, external exploitation of this vulnerability can be mitigated by ensuring no traffic can reach the machine on the specified port. This can be done at the network level with a firewall or other similar technology.
Vendor Response: EMC has stated that this vulnerability has been fixed in EMC Replication Manager version 5.3 available through EMC Powerlink. However, the bug is still present in the EMC Networker Module for Microsoft Applications. It will be fixed in that product at a later date. EMC has released Security Advisory ESA-2011-004 to address this issue (covering CVE-2011-0647).
