Lucene search
SAINT CorporationSAINT:933EC66E0F0E37FF3DEB40BBC96A904DHistorySep 27, 2012 - 12:00 a.m.
EMC NetWorker nsrd Format String
2012-09-2700:00:00
SAINT Corporation
www.saintcorporation.com
25
EPSS
0.942
Percentile
99.2%
Added: 09/27/2012
CVE: CVE-2012-2288
BID: 55330
OSVDB: 85116
Background
EMC NetWorker is a centralized data backup solution.
Problem
In NetWorker versions 7.6.3 through 8.0, the nsrd RPC service is vulnerable to a format string vulnerability.
Resolution
NetWorker 7 users should apply EMC NetWorker 7.6.4.1 and later. NetWorker 8 users should apply EMC NetWorker 8.0.0.1 and later. Customer registration is required to download the updates.
References
<http://blog.exodusintel.com/2012/08/29/when-wrapping-it-up-goes-wrong/>
Limitations
This exploit has been tested against EMC NetWorker 7.6.4.Build.1039 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).
Platforms
Windows
Related
saint
saint
EMC NetWorker nsrd Format String
2012-09-27 00:00:00
EMC NetWorker nsrd Format String
2012-09-27 00:00:00
EMC NetWorker nsrd Format String
2012-09-27 00:00:00
zdt
zdt
EMC Networker Format String Vulnerability
2012-11-06 00:00:00
canvas
canvas
Immunity Canvas: EMC_NETWORKERFS
2012-09-04 11:04:00
packetstorm
packetstorm
EMC Networker Format String
2012-11-06 00:00:00
securityvulns
securityvulns
EMC Networker formatstring vulnerability
2012-09-02 00:00:00
ESA-2012-038: EMC NetWorker Format String Vulnerability
2012-09-02 00:00:00
checkpoint_advisories
checkpoint_advisories
EMC NetWorker nsrd Format String Remote Code Execution (CVE-2012-2288)
2012-10-14 00:00:00
EMC NetWorker nsrd Stack Buffer Overflow (CVE-2012-2288)
2012-12-05 00:00:00
cve
cve
CVE-2012-2288
2012-09-04 11:04:48
nvd
nvd
CVE-2012-2288
2012-09-04 11:04:48
exploitdb
exploitdb
EMC NetWorker - Format String (Metasploit)
2012-11-07 00:00:00
metasploit
metasploit
EMC Networker Format String
2012-11-03 17:17:12
prion
prion
Format string
2012-09-04 11:04:00
cvelist
cvelist
CVE-2012-2288
2012-09-04 10:00:00