Exploit the possiblities

EMC NetWorker Buffer Overflow

EMC NetWorker Buffer Overflow
Posted Oct 16, 2017
Authored by Aaron Portnoy | Site emc.com

EMC NetWorker Server contains a buffer overflow vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, and prior to 9.2.0.4 are affected.

tags | advisory, overflow
advisories | CVE-2017-8022
MD5 | 2d30450eaae3824296cca31643c40da1

EMC NetWorker Buffer Overflow

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ESA-2017-122: EMC NetWorker Buffer Overflow Vulnerability

EMC Identifier: ESA-2017-122

CVE Identifier: CVE-2017-8022

Severity Rating: CVSSv3 Base Score: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected products:
* EMC NetWorker versions prior to 8.2.4.9
* EMC NetWorker versions 9.0.x (all supported versions)
* EMC NetWorker versions prior to 9.1.1.3
* EMC NetWorker versions prior to 9.2.0.4

Summary:
EMC NetWorker Server contains a buffer overflow vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Details:
EMC NetWorker Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system's platform.

Resolution:
The following EMC NetWorker Server releases contain resolution to this vulnerability:
* EMC NetWorker versions 8.2.4.9 and later
* EMC NetWorker version 9.1.1.3 and later
* EMC NetWorker version 9.2.0.4 and later

EMC recommends all customers upgrade to one of the above EMC NetWorker versions at the earliest opportunity. Customers are advised to follow security best practices and configure NetWorker Server to only accept requests from known hosts. See EMC NetWorker Security Configuration Guide for more information.

Link to remedies:

Customers can download software from: https://support.emc.com/downloads/1095_NetWorker

Credit:
EMC would like to thank Aaron Portnoy of Exodus Intelligence for reporting this vulnerability.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZ5PDSAAoJEHbcu+fsE81ZI44IAI9Rk5oRvSeDFMLiv+1Cd/yL
RJEFCysNHGJzwVkz/XOXJLuE9ZxW6YgLfCxowT6WnLcslZVeBsSbNZBV7QJ3XPy5
hasBhaEfxc/8WoPhLOIbgbwW01ISAQfTAf2yEtX5jjddumnaDEBBbcdCdSKRFcbA
BfEIkXPWUXPDYx1k8tvfYWN09wWkfiA5QF0h3I8qGE/bygKpGzc5kv4bcZhbNXVf
TyyXYYFkmzfYqqqYf2LmAdbxzbWeNl7LAEVr7cxm6U23dlonNklW0wkOJDe1Ufgm
ehH99RALnao1glZHX2wgyAR4lf7awdIDeSxNJwlbKjwJUUX6vX6IYwM6laIF3IU=
=QPBw
-----END PGP SIGNATURE-----


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    10 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close