EMC NetWorker nsrd Format String

2012-09-27T00:00:00
ID SAINT:933EC66E0F0E37FF3DEB40BBC96A904D
Type saint
Reporter SAINT Corporation
Modified 2012-09-27T00:00:00

Description

Added: 09/27/2012
CVE: CVE-2012-2288
BID: 55330
OSVDB: 85116

Background

EMC NetWorker is a centralized data backup solution.

Problem

In NetWorker versions 7.6.3 through 8.0, the nsrd RPC service is vulnerable to a format string vulnerability.

Resolution

NetWorker 7 users should apply EMC NetWorker 7.6.4.1 and later. NetWorker 8 users should apply EMC NetWorker 8.0.0.1 and later. Customer registration is required to download the updates.

References

<http://blog.exodusintel.com/2012/08/29/when-wrapping-it-up-goes-wrong/>

Limitations

This exploit has been tested against EMC NetWorker 7.6.4.Build.1039 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).

Platforms

Windows