Re: Multiple vulnerabilities in Double-Take 5.0.0.2865

[Steve Shockley <steve.shockley () shockley net>]

Luigi Auriemma wrote:
> Application: Double-Take

Double Take responded:

You may be aware of a recent posting of “vulnerabilities” in Double-Take 
5.0 by an Italian gentleman, Luigi Auriemma. Essentially he found that 
sending packets of malformed data to our service will crash the service.

He also found that given access to the network, he could find a server’s 
operating system, Ethernet adapters, printer driver, list of partitions 
and their file systems, and recent Double-Take log entries.

These issues are not new and pose a low security risk. They do not 
result in unauthorized system access, data access, or data corruption. 
They also require the ability to send/receive packets directly to/from a 
server, which would require prior access to your network.

We want to assure you that these are not cause for concern and that we 
are working to close these gaps.