EMC Retrospect Client Buffer Overflow Vulnerability

Bugtraq ID:	18064
Class:	Boundary Condition Error
CVE:	CVE-2006-2391
Remote:	Yes
Local:	No
Published:	May 21 2006 12:00AM
Updated:	Jun 27 2007 08:08PM
Credit:	ACROS Security is credited with the discovery of this vulnerability.
Vulnerable:	EMC Retrospect for Windows 7.5
Not Vulnerable:

EMC Retrospect Client Buffer Overflow Vulnerability

Retrospect Client for Windows is prone to a remote buffer-overflow vulnerability. This issue is due to a failure in the application to properly verify user-supplied input before copying it into a finite-sized buffer.

Successful exploits may result in memory corruption leading to a denial-of-service condition or arbitrary code execution.

Retrospect 7.5 Client for Windows is reported vulnerable. Other versions may be affected as well.

EMC Retrospect Client Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

EMC Retrospect Client Buffer Overflow Vulnerability

Solution:
The vendor has released an update to address this issue. Please contact the vendor for details on obtaining the appropriate updates.

EMC Retrospect Client Buffer Overflow Vulnerability

References:

• ASPR #2006-05-17-1: Buffer Overflow In Retroclient Service (ACROS)
  
• Retrospect Homepage (EMC)
  
• ACROS Security: Buffer Overflow In EMC (previously Dantz) Retroclient Service (ACROS Security)