BakBone NetVault Reporter Scheduler Service Command Execution Vulnerability


Description   A vulnerability has been identified in BakBone NetVault Reporter that remote attackers could exploit to cause a denial of service or take complete control of an affected system. The issue is a heap overflow in the scheduler client (clsscheduler.exe), listening on port 7978/TCP, and the scheduler server (srvscheduler.exe), listening on port 7977/TCP, triggered when processing an overly long filename argument passed to a "GET" or "POST" request. Successful exploitation can crash the affected application or execute arbitrary code with SYSTEM privileges.
     
Vulnerable Products   Vulnerable Software:
NetVault Report Manager versions prior to 3.5 Update4
     
Solution   Upgrade to NetVault Report Manager version 3.5 Update4: http://www.bakbone.com/products/downloads/default.asp
     
CVE   CVE-2007-3911
     
References   http://www.zerodayinitiative.com/advisories/ZDI-07-044.html
     
Vulnerability Manager Detection   No
     
IPS Protection   ASQ Engine alarm: Possible buffer overflow on URL
Available Since: 3.2.0
     


 
 
 
 
Risk level   Critical

Vulnerability First Public Report Date   2007-07-26

Target Type   Server

Possible exploit   Local & Remote