EMC Retrospect Backup Client NULL Pointer Remote Denial of Service Vulnerability

Bugtraq ID:	30313
Class:	Design Error
CVE:	CVE-2008-3287
Remote:	Yes
Local:	No
Published:	Jul 21 2008 12:00AM
Updated:	May 07 2015 05:27PM
Credit:	Zhenhua Liu of Fortinet's FortiGuard Global Security Research Team
Vulnerable:	EMC Retrospect Backup Client for Windows 7.5.116 EMC Retrospect Backup Client for Solaris 7.5.116 EMC Retrospect Backup Client for Red Hat Linux 7.5.116 EMC Retrospect Backup Client for Macintosh 6.1 EMC Retrospect Backup Client 7.5.116
Not Vulnerable:	EMC Retrospect Backup Client for Windows 7.6.106 EMC Retrospect Backup Client for Solaris 7.6.100 EMC Retrospect Backup Client for Red Hat Linux 7.6.100 EMC Retrospect Backup Client for Macintosh 6.1.130

EMC Retrospect Backup Client NULL Pointer Remote Denial of Service Vulnerability

EMC Retrospect Backup Client is prone to a remote denial-of-service vulnerability because of a design error that causes a NULL-pointer exception.

An attacker could exploit this issue to crash the affected application, denying service to legitimate users.

EMC Retrospect Backup Client NULL Pointer Remote Denial of Service Vulnerability

An attacker can exploit this issue with readily available packet generators.

EMC Retrospect Backup Client NULL Pointer Remote Denial of Service Vulnerability

Solution:
The vendor has released a fix; please see the references for more information.

EMC Retrospect Backup Client NULL Pointer Remote Denial of Service Vulnerability

References:

• EMC Retrospect Backup Client and Backup Server vulnerabilities (EMC)
  
• Multiple vulnerabilities in EMC Dantz Retrospect Backup Client/Server (Fortinet)
  
• Vendor Homepage (EMC )
  
• FGA-2008-16: EMC Dantz Retrospect 7 backup Client 7.5.116 NULL-Pointer ref ([email protected])