Re: Multiple vulnerabilities in Double-Take 5.0.0.2865
Luigi Auriemma wrote:
Application: Double-Take
Double Take responded:
You may be aware of a recent posting of “vulnerabilities” in Double-Take
5.0 by an Italian gentleman, Luigi Auriemma. Essentially he found that
sending packets of malformed data to our service will crash the service.
He also found that given access to the network, he could find a server’s
operating system, Ethernet adapters, printer driver, list of partitions
and their file systems, and recent Double-Take log entries.
These issues are not new and pose a low security risk. They do not
result in unauthorized system access, data access, or data corruption.
They also require the ability to send/receive packets directly to/from a
server, which would require prior access to your network.
We want to assure you that these are not cause for concern and that we
are working to close these gaps.