Detections
Analytics

Retrospect Backup Client Multiple Vulnerabilities (ESA-08-009)

medium Nessus Plugin ID 33561

Language:

Synopsis

The remote backup client is affected by multiple vulnerabilities.

Description

According to its version number, the Retrospect Backup Client installed on the remote host is affected by several vulnerabilities :

 - An error in the client may lead to memory corruption and in turn a denial of service condition when processing specially crafted packets, although only when an English client is used on a Chinese operating system, which is not a supported configuration.

 - The password hash is sent over the network unencrypted, which could result in its disclosure.

 - A NULL pointer dereference error may lead to a denial of service condition.

Solution

Upgrade to the latest version of Retrospect Client software and verify it is at least 6.2.229 (Macintosh) / 7.6.106 (Windows) / 7.6.100 (Red Hat Linux or Solaris).

See Also

http://www.fortiguardcenter.com/advisory/FGA-2008-16.html

https://www.securityfocus.com/archive/1/494560/30/0/threaded

https://www.securityfocus.com/archive/1/494562/30/0/threaded

https://www.securityfocus.com/archive/1/494564/30/0/threaded

http://kb.dantz.com/article.asp?article=9692&p=2

Plugin Details

Severity: Medium

ID: 33561

File Name: retrospect_client_esa_08_009.nasl

Version: 1.14

Type: remote

Family: Misc.

Published: 7/23/2008

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-3287, CVE-2008-3289, CVE-2008-3290

BID: 30306, 30308, 30313

CWE: 20, 200, 399

Secunia: 31186