SecurityTracker.com
Category:   Application (Generic)  >   Dell NetVault Backup
Vendors:   BakBone Software
NetVault Buffer Overflows Let Local and Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1013625
SecurityTracker URL:  http://securitytracker.com/id/1013625
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 1 2005
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, Root access via network
Exploit Included:  Yes  
Version(s): 7.3 and prior versions
Description:   class101 from Hat-Squad.com reported two vulnerabilities in NetVault. A local or remote user can execute arbitrary code on the target system.

A vulnerability exists in the processing of the 'configure.cfg' file. A local user with write access to the file can set the computer name 'Name=' entry to a value longer than 111 bytes. When the NetVault Process Manager service next starts (or restarts), the buffer overflow is triggered and arbitrary code executes with System privileges. By default, the file is read-only for the Users group.
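
As an added example (not part of this SecurityTracker entry or the original advisory), the following Python script audits a copy of 'configure.cfg' for 'Name=' values longer than the 111 bytes cited above. It assumes the file uses plain key=value lines; the function name and the sample data are constructed for illustration.

```python
# Added example: flag oversized 'Name=' entries in a NetVault configure.cfg.
# Assumption: the file consists of plain "key=value" lines. The 111-byte
# threshold is the figure given in the advisory text.
import sys

NAME_LIMIT = 111  # bytes, per the advisory


def oversized_name_entries(raw: bytes, limit: int = NAME_LIMIT):
    """Return [(line_number, value_length)] for each Name= value over `limit` bytes."""
    findings = []
    # bytes.splitlines() handles both CRLF and LF line endings.
    for lineno, line in enumerate(raw.splitlines(), start=1):
        key, sep, value = line.partition(b"=")
        # Only an exact 'Name' key counts (case-insensitive, padding ignored).
        if not sep or key.strip().lower() != b"name":
            continue
        value = value.strip()
        # Measure raw bytes, not decoded characters: the overflow is byte-based.
        if len(value) > limit:
            findings.append((lineno, len(value)))
    return findings


# Constructed sample input, not taken from a real NetVault installation.
SAMPLE_OK = b"[Machine]\r\nName=BACKUP01\r\nOther=value\r\n"
SAMPLE_BAD = b"[Machine]\r\nName=" + b"A" * 112 + b"\r\nOther=value\r\n"

if __name__ == "__main__":
    # Usage: python audit_cfg.py <path to configure.cfg>
    # With no argument, the constructed bad sample is checked instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_BAD
    results = oversized_name_entries(data)
    for lineno, length in results:
        print(f"line {lineno}: Name= value is {length} bytes (limit {NAME_LIMIT})")
    sys.exit(1 if results else 0)
```

A non-zero exit status means at least one oversized entry was found, so the script can run as a scheduled integrity check alongside restrictive ACLs on the file.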

A remote user can connect to the target system on port 20031 and supply a specially crafted 'clientname' entry in the 'Available NetVault Machines' list to trigger a heap overflow and execute arbitrary code on the target server.

A demonstration exploit is available at:

http://class101.org/36/55/op.php

The vendor was notified on March 16 and March 19, 2005.

The original advisories are available at:

http://class101.org/netv-remhbof.pdf
http://class101.org/netv-locsbof.pdf

Impact:   A local user with write access to the 'configure.cfg' file can execute arbitrary code with System level privileges.

A remote user can execute arbitrary code on the target system.

Solution:   No solution was available at the time of this entry.
Vendor URL:  www.bakbone.com/products/backup_and_restore/
Cause:   Boundary error
Underlying OS:  Windows (2000), Windows (2003), Windows (XP)

Message History:   None.


 Source Message Contents

Subject:  BakBone Netvault 6.x/7.x Local Stack Buffer Overflow


According to their website (bakbone.com),
BakBone Netvault 6.x/7.x is a professional backup software with several offices in the 
world and some pro customers such as Apple, AT&T, Pirelli, LMU, HP, NIP, NASA, etc.
 
A vulnerability exists in the configure.cfg file
 
advisory: class101.org/netv-locsbof.pdf
poc: class101.org/36/55/op.php
 
recommendation: set strict ACL rules on this file.
-------------------------------------------------------------
class101
Jr. Researcher
Hat-Squad.com
-------------------------------------------------------------



According to their website (bakbone.com),
BakBone Netvault 6.x/7.x is a professional backup software with several offices in the 
world and some pro customers such as Apple, AT&T, Pirelli, LMU, HP, NIP, NASA, etc.
 
A vulnerability exists in the NetVault server
 
advisory: class101.org/netv-remhbof.pdf
poc: class101.org/36/55/op.php
 
recommendation: block incoming connections to 20031/tcp, 20031/udp
-------------------------------------------------------------
class101
Jr. Researcher
Hat-Squad.com
-------------------------------------------------------------
 
 

