EMC Legato Networker Remote Exec Service Stack Buffer Overflow Vulnerability
BID:25375
Info
EMC Legato Networker Remote Exec Service Stack Buffer Overflow Vulnerability
| Bugtraq ID: | 25375 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-3618 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 20 2007 12:00AM |
| Updated: | Aug 30 2007 11:02PM |
| Credit: | Tenable Network Security discovered this issue. |
| Vulnerable: |
EMC Legato Networker 7.3.2 EMC Legato Networker 7.2.1 EMC Legato Networker 7.2 EMC Legato Networker 7.1.3 EMC Legato Networker 7.0 |
| Not Vulnerable: | |
Discussion
EMC Legato Networker Remote Exec Service Stack Buffer Overflow Vulnerability
EMC Legato Networker is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
This issue affects the Networker Remote Exec Service (nsrexecd.exe).
Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application.
Successful exploits may compromise affected computers. Failed attacks will likely cause denial-of-service conditions.
EMC Legato Networker versions in the 7.0.0 series are vulnerable.
EMC Legato Networker is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
This issue affects the Networker Remote Exec Service (nsrexecd.exe).
Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application.
Successful exploits may compromise affected computers. Failed attacks will likely cause denial-of-service conditions.
EMC Legato Networker versions in the 7.0.0 series are vulnerable.
Exploit / POC
EMC Legato Networker Remote Exec Service Stack Buffer Overflow Vulnerability
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
EMC Legato Networker Remote Exec Service Stack Buffer Overflow Vulnerability
Solution:
The vendor released updates and a knowledge base article (esg83899) to address this issue. Please contact the vendor for information on obtaining and apply these updates.
Solution:
The vendor released updates and a knowledge base article (esg83899) to address this issue. Please contact the vendor for information on obtaining and apply these updates.
References
EMC Legato Networker Remote Exec Service Stack Buffer Overflow Vulnerability
References:
References:
- EMC Legato Networker Homepage (EMC)
- EMC Powerlink Website (EMC)
- ZDI-07-049: EMC Legato Networker Remote Exec Service Stack Overflow Vulnerabilit (Zero Day Initiative (ZDI))