CVE-2009-2754 – Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-2754
Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of both IBM Informix Dynamic Server and EMC Legato Networker. User interaction is not required to exploit this vulnerability. The specific flaw exists within the RPC protocol parsing library, librpc.dll, utilized by the ISM Portmapper service (portmap.exe), which is bound by default to TCP port 36890. During authentication, the lack of a proper signedness check on a supplied parameter size can result in an exploitable stack-based buffer overflow, leading to arbitrary code execution in the context of the SYSTEM user.
• https://www.exploit-db.com/exploits/12109
• http://knowledgebase.emc.com/emcice/login.do?sType=ax1990&sName=1204&id=emc183834
• http://secunia.com/advisories/38731
• http://www.ibm.com/support/docview.wss?uid=swg1IC55329
• http://www.ibm.com/support/docview.wss?uid=swg1IC55330
• http://www.securityfocus.com/archive/1/509793/100/0/threaded
• http://www.securityfocus.com/bid/38472
• http://www.vupen.com/english/advisories/2010/0508
• http://www.vupen.com/english/advisories/2010/0509
• http:/
• CWE-189: Numeric Errors
CVE-2008-6219
https://notcve.org/view.php?id=CVE-2008-6219
nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
• http://secunia.com/advisories/32383
• http://www.fortiguardcenter.com/advisory/FGA-2008-23.html
• http://www.securityfocus.com/archive/1/497645/100/0/threaded
• http://www.securityfocus.com/archive/1/497666/100/0/threaded
• http://www.securityfocus.com/bid/31866
• http://www.securitytracker.com/id?1021095
• http://www.vupen.com/english/advisories/2008/2894
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46035
• CWE-399: Resource Management Errors
CVE-2007-3618 – EMC Legato Networker Remote Exec Service Stack Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-3618
Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd."
These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaws exist in the Networker Remote Exec Service, nsrexecd.exe. The location of this service is available by querying the SUNRPC portmapper on TCP port 111 for service #0x5f3e1, version 1.
• http://osvdb.org/39744
• http://secunia.com/advisories/26517
• http://securityreason.com/securityalert/3043
• http://www.securityfocus.com/archive/1/477172/100/0/threaded
• http://www.securityfocus.com/bid/25375
• http://www.securitytracker.com/id?1018590
• http://www.vupen.com/english/advisories/2007/2931
• http://www.zerodayinitiative.com/advisories/ZDI-07-049.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36123
CVE-2006-3892
https://notcve.org/view.php?id=CVE-2006-3892
The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands.
• ftp://ftp.legato.com/pub/NetWorker/Updates/732JumboUpdate1/README%20732%20Jumbo%20Update%201.txt
• http://osvdb.org/33853
• http://secunia.com/advisories/24362
• http://www.kb.cert.org/vuls/id/498553
• http://www.kb.cert.org/vuls/id/MIMG-6VMLWA
• http://www.securityfocus.com/bid/22789
• http://www.securitytracker.com/id?1017724
• http://www.vupen.com/english/advisories/2007/0816
CVE-2005-3659
https://notcve.org/view.php?id=CVE-2005-3659
nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference.
• ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT
• http://secunia.com/advisories/18495
• http://secunia.com/advisories/18615
• http://securitytracker.com/id?1015500
• http://securitytracker.com/id?1015545
• http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1
• http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375
• http://www.legato.com/support/websupport/product_alerts/011606_NW.htm
• http://www.securityfocus.com/bid/16275
• http://www.vupen.com/
• CWE-399: Resource Management Errors