<<< Date Index >>>     <<< Thread Index >>>

Re: Multiple vulnerabilities in Double-Take 5.0.0.2865



Luigi Auriemma wrote:
Application: Double-Take

Double Take responded:

You may be aware of a recent posting of “vulnerabilities” in Double-Take 5.0 by an Italian gentleman, Luigi Auriemma. Essentially he found that sending packets of malformed data to our service will crash the service.

He also found that given access to the network, he could find a server’s operating system, Ethernet adapters, printer driver, list of partitions and their file systems, and recent Double-Take log entries.

These issues are not new and pose a low security risk. They do not result in unauthorized system access, data access, or data corruption. They also require the ability to send/receive packets directly to/from a server, which would require prior access to your network.

We want to assure you that these are not cause for concern and that we are working to close these gaps.