SAINT CorporationSAINT:B38F3B8ECD595EA546B31303D98B71FEEMC NetWorker nsrd Format String
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.2%
Added: 09/27/2012
CVE: CVE-2012-2288
BID: 55330
OSVDB: 85116
Background
EMC NetWorker is a centralized data backup solution.
Problem
In NetWorker versions 7.6.3 through 8.0, the nsrd RPC service is vulnerable to a format string vulnerability.
Resolution
NetWorker 7 users should apply EMC NetWorker 7.6.4.1 and later. NetWorker 8 users should apply EMC NetWorker 8.0.0.1 and later. Customer registration is required to download the updates.
References
<http://blog.exodusintel.com/2012/08/29/when-wrapping-it-up-goes-wrong/>
Limitations
This exploit has been tested against EMC NetWorker 7.6.4.Build.1039 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).
Platforms
Windows
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.2%