BakBone NetVault Remote Heap Overflow Vulnerability
BID:12967
Info
BakBone NetVault Remote Heap Overflow Vulnerability
| Bugtraq ID: | 12967 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2005-1009 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 01 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Discovery is credited to Hat-Squad Security Team <[email protected]>. |
| Vulnerable: |
BakBone NetVault 7.1 BakBone NetVault 7.0 |
| Not Vulnerable: | |
Discussion
BakBone NetVault Remote Heap Overflow Vulnerability
NetVault is reported prone to a remote heap overflow vulnerability.
A successful attack can allow remote attackers to execute arbitrary code on a vulnerable computer to gain unauthorized access.
This issue has been confirmed in NetVault 7 packages running on Windows platforms. Other versions of NetVault running on different platforms may be affected as well.
NetVault is reported prone to a remote heap overflow vulnerability.
A successful attack can allow remote attackers to execute arbitrary code on a vulnerable computer to gain unauthorized access.
This issue has been confirmed in NetVault 7 packages running on Windows platforms. Other versions of NetVault running on different platforms may be affected as well.
Exploit / POC
BakBone NetVault Remote Heap Overflow Vulnerability
An exploit targeting the application running on Windows is available (101_netvault.cpp). An exploit has also been released for the Metasploit Framework (bakbone_netvault_heap.pm).
An exploit targeting the application running on Windows is available (101_netvault.cpp). An exploit has also been released for the Metasploit Framework (bakbone_netvault_heap.pm).
Solution / Fix
BakBone NetVault Remote Heap Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
BakBone NetVault Remote Heap Overflow Vulnerability
References:
References:
- BakBone Home Page (BakBone)
- BakBone NetVault Remote Heap Buffer Overflow (Hat-Squad)
- [Hat-Squad Advisory] Bakbone NetVault Heap overflow Vulnerabilities ("Hat-Squad Security Team"