BakBone NetVault < 7.1.2 / 7.3.1 Multiple Remote Overflows

critical Nessus Plugin ID 18257

Synopsis

The remote backup server is affected by multiple overflow flaws.

Description

The installed version of BakBone NetVault on the remote host suffers from two remote heap-based buffer overflow vulnerabilities. An attacker may be able to exploit these flaws and execute arbitrary code with SYSTEM privileges on the affected machine.

Solution

Upgrade to BackBone NetVault 7.1.2 / 7.3.1 or later.

See Also

http://www.hat-squad.com/en/000164.html

https://seclists.org/bugtraq/2005/May/132

https://seclists.org/bugtraq/2005/May/166

http://www.bakbone.com/docs/NetVault_Release_Notes_(712).pdf

http://www.bakbone.com/docs/NetVault_Release_Notes_(731).pdf

Plugin Details

Severity: Critical

ID: 18257

File Name: netvault_remote_hbof.nasl

Version: 1.25

Type: remote

Published: 5/14/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:bakbone:netvault

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/2/2005

Exploitable With

Metasploit (BakBone NetVault Remote Heap Overflow)

Reference Information

CVE: CVE-2005-1009, CVE-2005-1547

BID: 12967, 13594, 13618