SecurityTracker.com Archives - Sun StorEdge 'nsrd.exe' and 'nsrexecd.exe' Heap Overflows Let Remote Users Execute Arbitrary Code

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us | Help |

SecurityTracker
Archives

Welcome to SecurityTracker!

Click to Sign Up

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Sign Up!

Category: Application (Generic) > StorEdge Enterprise Products

Sun StorEdge 'nsrd.exe' and 'nsrexecd.exe' Heap Overflows Let Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1015545

SecurityTracker URL: http://securitytracker.com/id?1015545

CVE Reference: CVE-2005-3658 , CVE-2005-3659 (Links to External Site)

Date: Jan 26 2006

Impact: Denial of service via network, Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Advisory: Sun Alert

Version(s): Solstice Backup 6.0, 6.1; StorEdge Enterprise Backup Software 7.1, 7.1L, 7.2, 7.2L

Description: A vulnerability was reported in Sun StorEdge Enterprise Backup Software. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted RPC requests to RPC program number 390109 on the target system to trigger a heap overflow or a NULL pointer dereference in 'nsrd.exe'.

Backup client systems and server systems are affected.

A remote user can also send specially crafted RPC requests to RPC program number 390113 on the target system to trigger a heap overflow in 'nsrexecd.exe'.

This vulnerability was originally reported by iDEFENSE as affecting EMC Legato NetWorker [see Alert ID 1015500]. Sun StorEdge Enterprise Backup Software is also affected.

The original advisories are available at:

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373
http://www.idef ense.com/intelligence/vulnerabilities/display.php?id=374
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375

Impact: A remote user can cause the nsrd service to crash.

A remote user can execute arbitrary code on the target system.

Solution: The vendor has issued the following fixes.

SPARC Platform

* Sun StorEdge Enterprise Backup Software (EBS) 7.1 with patch 116826-06 or later
* Sun StorEdge Enterprise Backup Software (EBS) 7.1L with patch 116828-04 or later
* Sun StorEdge Enterprise Backup Software (EBS) 7.3

x86 Platform

* Sun StorEdge Enterprise Backup Software (EBS) 7.1 with patch 116827-07 or later
* Sun StorEdge Enterprise Backup Software (EBS) 7.3

A fix for EBS 7.2 is pending.

The vendor's advisory is available at:

http://sunsolve.sun.com/search/docume nt.do?assetkey=1-26-102148-1

Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-102148-1 (Links to External Site)

Cause: Boundary error

Underlying OS: UNIX (Solaris - SunOS)

Message History: None.

Source Message Contents

Date: Wed, 25 Jan 2006 21:41:04 -0500
Subject: SecurityVulnerabilities in Sun StorEdge Enterprise Backup Software (EBS)

 
 
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102148-1
 
CVE-2005-3658
 
CVE-2005-3659

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2006, SecurityGlobal.net LLC