CVE-2007-3911 – BakBone NetVault Reporter Scheduler Heap Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2007-3911

Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka scheduler client) and (2) srvscheduler.exe (aka scheduler server) in BakBone NetVault Reporter 3.5 before Update4 allow remote attackers to execute arbitrary code via long filename arguments in HTTP requests. Múltiples desbordamientos de búfer basados en pila en (1) clsscheduler.exe (también conocido como scheduler client) y (2) srvscheduler.exe (también conocido comoscheduler server) en BakBone NetVault Reporter 3.5 anterior a Update4 permite a atacantes remotos ejecutar código de su elección a través de argumentos con nombres de archivos largos en respuestas HTTP. This vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of BakBone NetVault Reporter. User interaction is not required to exploit this vulnerability. The specific flaw exists both within the scheduler client (clsscheduler.exe) listening on TCP port 7978 and the scheduler server (srvscheduler.exe) listening on TCP port 7977. In both cases an exploitable heap corruption can occur during the processing of overly long filename arguments to the "GET" and "POST" requests. • http://secunia.com/advisories/26222 http://securityreason.com/securityalert/2954 http://www.securityfocus.com/archive/1/474626/100/0/threaded http://www.securityfocus.com/bid/25068 http://www.securitytracker.com/id?1018460 http://www.vupen.com/english/advisories/2007/2658 http://www.zerodayinitiative.com/advisories/ZDI-07-044.html https://exchange.xforce.ibmcloud.com/vulnerabilities/35588 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •