lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 01 Apr 2005 18:14:41 +0430
From: "Hat-Squad Security Team" <bugtraq@...-squad.com>
To: bugtraq@...urityfocus.com
Subject: [Hat-Squad Advisory] Bakbone NetVault Heap overflow Vulnerabilities


Hat-Squad Advisory: BakBone NetVault Remote Heap and Local Buffer 
Overflow
April 1, 2005 

Product: BakBone NetVault  
Vendor URL: http://www.bakbone.com
Version: NetVault 7.x, 6.x
Vulnerability: Remote and Local Heap Buffer overflows 
Release Date:1 April 2005

Vendor Status: 

17-3-2005: vendor notified #1/3
18-3-2005: vendor notified #2/3
19-3-2005: vendor notified #3/3
21-3-2005: vendor RE-notification #1/1
24-3-2005: vendor wake up
Response: I'm on a business trip!

Description:

NetVault is a professional backup and restore solution for eterogeneous 
UNIX, Windows NT/2000, Linux and Netware enterprise environments.With 
NetVault you can rapidly add and configure new servers, devices and 
clients, and control them from a central location.

Details:a

Problem details could be found at:

http://www.class101.org/netv-remhbof.pdf (remote overflow)
http://www.class101.org/netv-locsbof.pdf (local overflow)

For proof of concepts (both remote and local) please visit:

http://class101.org/36/55/op.php
http://www.hat-squad.com

Solution:

At the moment of writing this advisory, no patch is released, we can 
only suggest to :

1- Restrict all incoming connections to 20031/tcp and 20031/udp, a fix 
might come very soon.
2- set STRICTS ACL rules, for example, allow ONLY SYSTEM to write in 
configure.cfg. This will protect against Local attack.


Credits:

This Vulnerability has been Discoverd By class101 (class101@...-
squad.com)

Disclaimer:

This Advisory is provided on an "AS IS" basis and does not imply any 
kind of guarantee or warranty. Neither the author nor the publisher 
accepts any liability for any direct, indirect,or consequential loss or 
damage arising from use of, or reliance on, this informations.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ