nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Legato_networker | Emc | 7.2 (including) | 7.2 (including) |
| Legato_networker | Emc | 7.2.1 (including) | 7.2.1 (including) |
| Legato_networker | Emc | 7.2_build172 (including) | 7.2_build172 (including) |
References
- ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT
- http://secunia.com/advisories/18495
- http://secunia.com/advisories/18615
- http://securitytracker.com/id?1015500
- http://securitytracker.com/id?1015545
- http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375
- http://www.legato.com/support/websupport/product_alerts/011606_NW.htm
- http://www.securityfocus.com/bid/16275
- http://www.vupen.com/english/advisories/2006/0233
- http://www.vupen.com/english/advisories/2006/0343
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24173
- ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT
- http://secunia.com/advisories/18495
- http://secunia.com/advisories/18615
- http://securitytracker.com/id?1015500
- http://securitytracker.com/id?1015545
- http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375
- http://www.legato.com/support/websupport/product_alerts/011606_NW.htm
- http://www.securityfocus.com/bid/16275
- http://www.vupen.com/english/advisories/2006/0233
- http://www.vupen.com/english/advisories/2006/0343
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24173