lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 16 Oct 2017 17:54:33 +0000
From: EMC Product Security Response Center <Security_Alert@....com>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] ESA-2017-122: EMC NetWorker Buffer Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ESA-2017-122: EMC NetWorker Buffer Overflow Vulnerability

EMC Identifier: ESA-2017-122

CVE Identifier: CVE-2017-8022

Severity Rating: CVSSv3 Base Score: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected products:  
*	EMC NetWorker versions  prior to 8.2.4.9
*	EMC NetWorker versions 9.0.x (all supported versions)
*	EMC NetWorker versions prior to 9.1.1.3 
*	EMC NetWorker versions prior to 9.2.0.4 

Summary:  
EMC NetWorker Server contains a buffer overflow vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Details:  
EMC NetWorker Server service (nsrd) is affected by a buffer overflow vulnerability.  A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system's platform. 

Resolution:  
The following EMC NetWorker Server releases contain resolution to this vulnerability:
*	EMC NetWorker versions 8.2.4.9 and later
*	EMC NetWorker version 9.1.1.3 and later
*	EMC NetWorker version 9.2.0.4 and later

EMC recommends all customers upgrade to one of the above EMC NetWorker versions at the earliest opportunity. Customers are advised to follow security best practices and configure NetWorker Server to only accept requests from known hosts. See EMC NetWorker Security Configuration Guide for more information.

Link to remedies:

Customers can download software from: https://support.emc.com/downloads/1095_NetWorker  

Credit:
EMC would like to thank Aaron Portnoy of Exodus Intelligence for reporting this vulnerability.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZ5PDSAAoJEHbcu+fsE81ZI44IAI9Rk5oRvSeDFMLiv+1Cd/yL
RJEFCysNHGJzwVkz/XOXJLuE9ZxW6YgLfCxowT6WnLcslZVeBsSbNZBV7QJ3XPy5
hasBhaEfxc/8WoPhLOIbgbwW01ISAQfTAf2yEtX5jjddumnaDEBBbcdCdSKRFcbA
BfEIkXPWUXPDYx1k8tvfYWN09wWkfiA5QF0h3I8qGE/bygKpGzc5kv4bcZhbNXVf
TyyXYYFkmzfYqqqYf2LmAdbxzbWeNl7LAEVr7cxm6U23dlonNklW0wkOJDe1Ufgm
ehH99RALnao1glZHX2wgyAR4lf7awdIDeSxNJwlbKjwJUUX6vX6IYwM6laIF3IU=
=QPBw
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ