CVE-2007-3618 - Remote Exec Service Stack Buffer Overflow vulnerability in EMC Legato Networker
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Nessus
NASL family | Gain a shell remotely |
NASL id | EMC_NETWORKER_CVE-2007-3618.NASL |
description | The EMC Legato Networker application running on the remote host is affected by a stack overflow condition in the Networker Remote Exec Service (nsrexecd.exe), specifically within the sprintf() function, when handling poll or kill requests. An unauthenticated, remote attacker can exploit this, via a crafted request using a long invalid subcmd, to execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 94163 |
published | 2016-10-20 |
reporter | This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/94163 |
title | EMC Legato Networker Remote Exec Service Stack Overflow RCE |
Saint
bid | 25375 |
description | EMC NetWorker Remote Exec service subcmd buffer overflow |
id | rpc_legatocategory_remoteexecbo,rpc_legatocategory_version |
osvdb | 39744 |
title | emc_networker_rexec_subcmd |
type | remote |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 25375 CVE(CAN) ID: CVE-2007-3618 EMC Legato NetWorker is a cross-platform backup and recovery system. The Remote Exec service (nsrexecd.exe) of EMC Legato NetWorker has a stack overflow vulnerability that a remote attacker may exploit to take control of the server. If an overlong invalid subcmd is submitted in a poll or kill request, the overflow is triggered in the call to sprintf(), leading to arbitrary code execution. EMC Legato Networker 7.x.x The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.emc.com/products/storage_management/navisphere.jsp |
id | SSV:2149 |
last seen | 2017-11-19 |
modified | 2007-08-21 |
published | 2007-08-21 |
reporter | Root |
title | EMC Legato Networker nsrexecd.exe Service Remote Stack Overflow Vulnerability |
References
- http://osvdb.org/39744
- http://secunia.com/advisories/26517
- http://securityreason.com/securityalert/3043
- http://www.securityfocus.com/archive/1/477172/100/0/threaded
- http://www.securityfocus.com/bid/25375
- http://www.securitytracker.com/id?1018590
- http://www.vupen.com/english/advisories/2007/2931
- http://www.zerodayinitiative.com/advisories/ZDI-07-049.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36123