List: bugtraq
Subject: ESA-2012-038: EMC NetWorker Format String Vulnerability
From: Security Alert <Security_Alert () emc ! com>
Date: 2012-08-30 17:18:22
Message-ID: 2998EC4866DB304BB746A1FC21C45714080699D040 () MX29A ! corp ! emc ! com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2012-038: EMC NetWorker Format String Vulnerability
EMC Identifier: ESA-2012-038
CVE Identifier: CVE-2012-2288
Severity Rating: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Affected products:
EMC NetWorker 7.6.3
EMC NetWorker 7.6.4
EMC NetWorker 8.0
Summary:
A format string vulnerability exists in the EMC NetWorker nsrd RPC service that could
potentially be exploited by a malicious user to execute arbitrary code.
Details:
The nsrd RPC service is the NetWorker binary responsible for managing save and
recover operations, gathering statistics, and maintaining the NetWorker resource
database. The availability of this NetWorker Server process is essential for the
proper operation of the product.
Under the context of an account running the NetWorker Server process, a remote
malicious user could send a specially-crafted message that could corrupt application
memory and subsequently execute arbitrary code.
Resolution:
The following EMC NetWorker products contain resolutions to this issue:
EMC NetWorker 7.6.4.1 and later
EMC NetWorker 8.0.0.1 and later
Link to remedies:
Registered EMC Online Support customers can download software from support.emc.com.
Select “Support by Product” and type
“NetWorker” (https://support.emc.com/products/1095_NetWorker). From this page select
“Downloads”, “Documentation” or “Advisories” as required.
Credits:
EMC would like to thank Aaron Portnoy via the Exodus Intelligence Program
(http://www.exodusintel.com/eip) for reporting this issue.
Because the view is restricted based on customer agreements, you may not have
permission to view certain downloads. Should you not see a software download you
believe you should have access to, follow the instructions in EMC Knowledgebase
solution emc116045.
For an explanation of Severity Ratings, refer to EMC Knowledgebase solution
emc218831. EMC recommends all customers take into account both the base score and any
relevant temporal and environmental scores which may impact the potential severity
associated with a particular security vulnerability.
EMC Corporation distributes EMC Security Advisories, in order to bring to the
attention of users of the affected EMC products, important security information. EMC
recommends that all users determine the applicability of this information to their
individual situations and take appropriate action. The information set forth herein
is provided "as is" without warranty of any kind. EMC disclaims all warranties,
either express or implied, including the warranties of merchantability, fitness for a
particular purpose, title and non-infringement. In no event, shall EMC or its
suppliers, be liable for any damages whatsoever including direct, indirect,
incidental, consequential, loss of business profits or special damages, even if EMC
or its suppliers have been advised of the possibility of such damages. Some states do
not allow the exclusion or limitation of liability for consequential or incidental
damages, so the foregoing limitation may not apply.
EMC Product Security Response Center
Security_Alert@emc.com
http://www.emc.com/contact-us/contact/product-security-response-center.htm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (Cygwin)
iEYEARECAAYFAlA/n5QACgkQtjd2rKp+ALzL8QCfY5yy3ZGpPOshEhWG0riaK9Vn
feoAnj9PnmFKQQ94S00W//5lqLQ2HEZ1
=OBiJ
-----END PGP SIGNATURE-----