EMC Dantz Retrospect Backup Client Remote Buffer Overflow Vulnerability
BID:17948
CVE-2006-2391 |Info
EMC Dantz Retrospect Backup Client Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 17948 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 11 2006 12:00AM |
| Updated: | May 15 2006 07:54PM |
| Credit: | Nicolas Pouvesle from Tenable Software and Stanka Šalamun from Acros Security reported this issue to the vendor. |
| Vulnerable: |
Dantz Retrospect Client For Windows 0 Dantz Retrospect Client For Solaris 0 Dantz Retrospect Client For NetWare 0 Dantz Retrospect Client For Macintosh 0 Dantz Retrospect Client For Linux 0 Dantz Retrospect Client 0 |
| Not Vulnerable: |
Dantz Retrospect Client For Windows 7.5.116 Dantz Retrospect Client For Windows 7.0.112 Dantz Retrospect Client For Windows 6.5.140 Dantz Retrospect Client For Solaris 7.5 Dantz Retrospect Client For Solaris 7.0 Dantz Retrospect Client For Solaris 6.5 Dantz Retrospect Client For NetWare 7.0 Dantz Retrospect Client For Macintosh 6.1.130 Dantz Retrospect Client For Macintosh 5.1.180 Dantz Retrospect Client For Linux 7.5 Dantz Retrospect Client For Linux 7.0 Dantz Retrospect Client For Linux 6.5 |
Discussion
EMC Dantz Retrospect Backup Client Remote Buffer Overflow Vulnerability
Dantz Retrospect Backup Client is prone to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
This issue allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the application, denying further service to legitimate users.
Dantz Retrospect Backup Client is prone to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
This issue allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the application, denying further service to legitimate users.
Exploit / POC
EMC Dantz Retrospect Backup Client Remote Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
EMC Dantz Retrospect Backup Client Remote Buffer Overflow Vulnerability
Solution:
The vendor has released an advisory along with fixes to address this issue. Please see the referenced advisory for further information on obtaining and applying fixes.
Solution:
The vendor has released an advisory along with fixes to address this issue. Please see the referenced advisory for further information on obtaining and applying fixes.
References
EMC Dantz Retrospect Backup Client Remote Buffer Overflow Vulnerability
References:
References: