BakBone NetVault Configure.CFG Local Buffer Overflow Vulnerability
BID:12966
Info
BakBone NetVault Configure.CFG Local Buffer Overflow Vulnerability
| Bugtraq ID: | 12966 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 01 2005 12:00AM |
| Updated: | Apr 01 2005 12:00AM |
| Credit: | Discovery is credited to Hat-Squad Security Team <[email protected]>. |
| Vulnerable: |
BakBone NetVault 7.1 BakBone NetVault 7.0 |
| Not Vulnerable: | |
Discussion
BakBone NetVault Configure.CFG Local Buffer Overflow Vulnerability
NetVault is reported prone to a local buffer overflow vulnerability.
It is reported that a local attacker can exploit this vulnerability by supplying excessive data through a variable in the 'configure.cfg' file.
A successful attack can allow local attackers to execute arbitrary code on a vulnerable computer to gain elevated privileges.
This issue has been confirmed in NetVault 7 packages running on Windows platforms. Other versions of NetVault running on different platforms may be affected as well.
NetVault is reported prone to a local buffer overflow vulnerability.
It is reported that a local attacker can exploit this vulnerability by supplying excessive data through a variable in the 'configure.cfg' file.
A successful attack can allow local attackers to execute arbitrary code on a vulnerable computer to gain elevated privileges.
This issue has been confirmed in NetVault 7 packages running on Windows platforms. Other versions of NetVault running on different platforms may be affected as well.
Exploit / POC
BakBone NetVault Configure.CFG Local Buffer Overflow Vulnerability
An exploit targeting the application running on Windows is available:
An exploit targeting the application running on Windows is available:
Solution / Fix
BakBone NetVault Configure.CFG Local Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
BakBone NetVault Configure.CFG Local Buffer Overflow Vulnerability
References:
References:
- BakBone Home Page (BakBone)
- BakBone NetVault Local Stack Buffer Overflow (Hat-Squad)
- [Hat-Squad Advisory] Bakbone NetVault Heap overflow Vulnerabilities ("Hat-Squad Security Team"