Retrospect Client for Windows Malformed Packet DoS

medium Nessus Network Monitor Plugin ID 3459

Synopsis

The remote backup client is susceptible to denial of service attacks.

Description

According to its version number, the installed instance of Retrospect Client for Windows reportedly will stop working if it receives a packet starting with a specially-crafted sequence of bytes. An unauthenticated remote attacker may be able to leverage this flaw to prevent the affected host from being backed up.

Solution

Upgrade to version 6.5.138, 7.0.109 or higher.

See Also

http://kb.dantz.com/display/2n/articleDirect/index.asp?aid=8361&r=0.5648157

http://www.securityfocus.com/archive/1/426652/30/0/threaded

Plugin Details

Severity: Medium

ID: 3459

Family: Generic

Published: 3/6/2006

Updated: 3/6/2019

Nessus ID: 20996

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:emc_dantz:retrospect

Reference Information

CVE: CVE-2006-0995

BID: 16933