Lucene search

SAINT CorporationSAINT:AE35139DD065E90FD4B37B5EB1DCCBCB

HistoryNov 09, 2007 - 12:00 a.m.

EMC NetWorker Remote Exec service subcmd buffer overflow

2007-11-0900:00:00

SAINT Corporation

my.saintcorporation.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.863 High

EPSS

Percentile

98.5%

JSON

Added: 11/09/2007
CVE: CVE-2007-3618
BID: 25375
OSVDB: 39744

Background

EMC NetWorker is a centralized data backup solution.

Problem

A buffer overflow vulnerability in the Remote Exec service (**nsrexecd.exe**) allows remote attackers to execute arbitrary commands by sending a long, invalid subcmd to a poll or kill request.

Resolution

For fix information see EMC knowledge base article esg83899 which is available from EMC Powerlink.

References

<http://www.zerodayinitiative.com/advisories/ZDI-07-049.html>

Limitations

Exploit works on EMC NetWorker 7.3.2 on Windows 2000, and on Windows Server 2003 with Data Execution Prevention (DEP) enabled.

Platforms

Windows 2000
Windows Server 2003 SP1
Windows Server 2003 SP2 / Windows Server 2003

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.863 High

EPSS

Percentile

98.5%

JSON

Related for SAINT:AE35139DD065E90FD4B37B5EB1DCCBCB