what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

bakboneOverflows.txt

bakboneOverflows.txt
Posted Apr 14, 2005
Authored by class101 | Site hat-squad.com

BakBone NetVault versions 7.x and 6.x are susceptible to remote heap and local buffer overflows.

tags | advisory, remote, overflow, local
SHA-256 | d41408652080a239c3517aa5d539ca4aafc24bb8668da0188dbad31ca7489fb1

bakboneOverflows.txt

Change Mirror Download
Hat-Squad Advisory: BakBone NetVault Remote Heap and Local Buffer 
Overflow
April 1, 2005

Product: BakBone NetVault
Vendor URL: http://www.bakbone.com
Version: NetVault 7.x, 6.x
Vulnerability: Remote and Local Heap Buffer overflows
Release Date:1 April 2005

Vendor Status:

17-3-2005: vendor notified #1/3
18-3-2005: vendor notified #2/3
19-3-2005: vendor notified #3/3
21-3-2005: vendor RE-notification #1/1
24-3-2005: vendor wake up
Response: I'm on a business trip!

Description:

NetVault is a professional backup and restore solution for eterogeneous
UNIX, Windows NT/2000, Linux and Netware enterprise environments.With
NetVault you can rapidly add and configure new servers, devices and
clients, and control them from a central location.

Details:a

Problem details could be found at:

http://www.class101.org/netv-remhbof.pdf (remote overflow)
http://www.class101.org/netv-locsbof.pdf (local overflow)

For proof of concepts (both remote and local) please visit:

http://class101.org/36/55/op.php
http://www.hat-squad.com

Solution:

At the moment of writing this advisory, no patch is released, we can
only suggest to :

1- Restrict all incoming connections to 20031/tcp and 20031/udp, a fix
might come very soon.
2- set STRICTS ACL rules, for example, allow ONLY SYSTEM to write in
configure.cfg. This will protect against Local attack.


Credits:

This Vulnerability has been Discoverd By class101 (class101@hat-
squad.com)

Disclaimer:

This Advisory is provided on an "AS IS" basis and does not imply any
kind of guarantee or warranty. Neither the author nor the publisher
accepts any liability for any direct, indirect,or consequential loss or
damage arising from use of, or reliance on, this informations.

Login or Register to add favorites

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    8 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close