Secunia Security Advisory - A vulnerability has been reported in several EMC NetWorker Products, which can be exploited by malicious people to cause a DoS (Denial of Service).
6ec58cc56788ad858723ada23d77017570608f6b21dd86493726d403d2aacae2
----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
EMC NetWorker Products "nsrexecd.exe" Denial of Service
SECUNIA ADVISORY ID:
SA32383
VERIFY ADVISORY:
http://secunia.com/advisories/32383/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
>From local network
SOFTWARE:
EMC NetWorker (formerly Legato NetWorker) 7.x
http://secunia.com/advisories/product/2692/
EMC NetWorker Module for Meditech 2.x
http://secunia.com/advisories/product/20218/
EMC NetWorker Module for Microsoft Applications 2.x
http://secunia.com/advisories/product/20219/
EMC NetWorker Module for Microsoft Exchange Server 5.x
http://secunia.com/advisories/product/20220/
EMC NetWorker PowerSnap Module 2.x
http://secunia.com/advisories/product/20217/
DESCRIPTION:
A vulnerability has been reported in several EMC NetWorker Products,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
The vulnerability is caused due to an error in the "nsrexecd.exe"
process when allocating memory. This can be exploited exhaust all
available memory via specially crafted RPC requests.
The vulnerability affects the following products and versions:
* NetWorker Server, Storage Node and Client 7.3.x, 7.4, 7.4.1, and
7.4.2
* NetWorker Client and Storage Node for Open VMS 7.3.2 ECO6 and
earlier
* NetWorker Module for Microsoft Exchange 5.1 and earlier
* NetWorker Module for Microsoft Applications 2.0 and earlier
* NetWorker Module for Meditech 2.0 and earlier
* NetWorker PowerSnap 2.4 SP1 and earlier
SOLUTION:
Update to a fixed version.
NetWorker Server, Storage Node and Client 7.3.x:
Update to version 7.3 SP4 build 565.
NetWorker Server, Storage Node and Client 7.4.x:
Update to version 7.4 SP3.
NetWorker Client and Storage Node for Open VMS:
Update to version 7.3.2 ECO7.
NetWorker Module for Microsoft Exchange:
Update to version 5.1 SP1.
NetWorker Module for Microsoft Applications:
Update to version 2.1.
NetWorker Module for Meditech:
Update to version 2.0 SP1.
NetWorker PowerSnap:
Update to version 2.4 SP2.
PROVIDED AND/OR DISCOVERED BY:
Zhenhua Liu, Xiaopeng Zhang and Junfeng Jia of Fortinet's FortiGuard
Global Security Research Team
ORIGINAL ADVISORY:
Fortinet:
http://www.fortiguardcenter.com/advisory/FGA-2008-23.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------