EMC Dantz Retrospect Backup Client 'retroclient.exe' Remote Memory Corruption Vulnerability

Bugtraq ID:	30306
Class:	Design Error
CVE:	CVE-2008-3290
Remote:	Yes
Local:	No
Published:	Jul 21 2008 12:00AM
Updated:	May 07 2015 05:27PM
Credit:	Zhenhua Liu of Fortinet's FortiGuard Global Security Research Team
Vulnerable:	EMC Retrospect Backup Client for Windows 7.5.116 EMC Retrospect Backup Client for Solaris 7.5.116 EMC Retrospect Backup Client for Red Hat Linux 7.5.116 EMC Retrospect Backup Client for Macintosh 6.1
Not Vulnerable:	EMC Retrospect Backup Client for Windows 7.6.106 EMC Retrospect Backup Client for Solaris 7.6.100 EMC Retrospect Backup Client for Red Hat Linux 7.6.100 EMC Retrospect Backup Client for Macintosh 6.1.130

EMC Dantz Retrospect Backup Client 'retroclient.exe' Remote Memory Corruption Vulnerability

EMC Dantz Retrospect Backup Client is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

EMC Dantz Retrospect Backup Client 'retroclient.exe' Remote Memory Corruption Vulnerability

An attacker can exploit this issue by using readily available network utilities.

EMC Dantz Retrospect Backup Client 'retroclient.exe' Remote Memory Corruption Vulnerability

Solution:
Fixes are available. Please see the references for more information.

EMC Dantz Retrospect Backup Client 'retroclient.exe' Remote Memory Corruption Vulnerability

References:

• EMC Retrospect Backup Client and Backup Server vulnerabilities (EMC)
  
• Multiple vulnerabilities in EMC Dantz Retrospect Backup Client/Server (Fortinet)
  
• FGA-2008-16: EMC Dantz Retrospect 7 backup Client 7.5.116 Remote Memory corrupt ([email protected])