NovaStor NovaNet <= 13.0 issues

2010-04-27T00:00:00
ID SECURITYVULNS:DOC:23718
Type securityvulns
Reporter Securityvulns
Modified 2010-04-27T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

All - many of the following were inexplicably fixed in the latest version (NovaBACKUP Network 13.0), but still, a 2.5 year run isn't too bad...

http://digit-labs.org/files/exploits/novanet-own-lnx.c - - linux remote root <= 12.0

http://digit-labs.org/files/exploits/novanet-read.c - - arbitrary remote dword read <= 12.0

http://digit-labs.org/files/exploits/novanet-own.c - - Windows (no-DEP/NX, NovaNet 11.0) remote SYSTEM <= 12.0 (messy, there is a cleaner version)

They seemed to have missed the last one, so it still works on 13.0, but sadly the most useless :(

http://digit-labs.org/files/exploits/novanet-dos.c - - null deref remote DoS <= 13.0


mu-b (mu-b@digit-labs.org)

"Only a few people will follow the proof. Whoever does will spend the rest of his life convincing people it is correct." - Anonymous, "P ?= NP" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkvVgfsACgkQY0H9BP42Ejwp6QCfYNp/kFqtFwmwwmDAz0s9gEoO S2YAoMA5VuJ+2+s+FaZj91TQ11+LEQoS =lwTl -----END PGP SIGNATURE-----