7 results (0.010 seconds)

CVSS: 10.0EPSS: 95%CPEs: 29EXPL: 1

Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow. Error de entero sin signo en la funcionalidad de autenticación en librpc.dll en Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), tal y como se utiliza en IBM Informix Dynamic Server (IDS) v10.x anteriores a la v10.00.TC9 y v11.x anteriores a v11.10.TC3 y EMC Legato NetWorker, permite a atacantes remotos ejecutar código arbitrario a través de un parámetro manipulado en tamaño que inicia un desbordamiento de búfer basado en la pila. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of both IBM Informix Dynamic Server and EMC Legato Networker. User interaction is not required to exploit this vulnerability. The specific flaw exists within the RPC protocol parsing library, librpc.dll, utilized by the ISM Portmapper service (portmap.exe) bound by default to TCP port 36890. During authentication, a lack of a proper signedness check on a supplied parameter size can result in exploitable stack based buffer overflow leading to arbitrary code execution under the context of the SYSTEM user. • https://www.exploit-db.com/exploits/12109 http://knowledgebase.emc.com/emcice/login.do?sType=ax1990&sName=1204&id=emc183834 http://secunia.com/advisories/38731 http://www.ibm.com/support/docview.wss?uid=swg1IC55329 http://www.ibm.com/support/docview.wss?uid=swg1IC55330 http://www.securityfocus.com/archive/1/509793/100/0/threaded http://www.securityfocus.com/bid/38472 http://www.vupen.com/english/advisories/2010/0508 http://www.vupen.com/english/advisories/2010/0509 http:/ • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 83%CPEs: 5EXPL: 0

Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd." Desbordamiento de búfer basado en pila en el Servicio de Ejecución Remota NetWorker (nsrexecd.exe) en EMC Software NetWorker 7.x.x permite a atacantes remotos ejecutar código de su elección mediante (1) un sondeo o (2) una petición de terminación (kill) con un "subcmd inválido largo". These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaws exist in the Networker Remote Exec Service, nsrexecd.exe. The location of this service is available by querying the SUNRPC portmapper on TCP port 111 for service #0x5f3e1, version 1. • http://osvdb.org/39744 http://secunia.com/advisories/26517 http://securityreason.com/securityalert/3043 http://www.securityfocus.com/archive/1/477172/100/0/threaded http://www.securityfocus.com/bid/25375 http://www.securitytracker.com/id?1018590 http://www.vupen.com/english/advisories/2007/2931 http://www.zerodayinitiative.com/advisories/ZDI-07-049.html https://exchange.xforce.ibmcloud.com/vulnerabilities/36123 •

CVSS: 5.0EPSS: 14%CPEs: 3EXPL: 2

nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference. • ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT http://secunia.com/advisories/18495 http://secunia.com/advisories/18615 http://securitytracker.com/id?1015500 http://securitytracker.com/id?1015545 http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375 http://www.legato.com/support/websupport/product_alerts/011606_NW.htm http://www.securityfocus.com/bid/16275 http://www.vupen.com/ • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 13%CPEs: 6EXPL: 0

Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe). • ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT http://secunia.com/advisories/18495 http://secunia.com/advisories/18615 http://securitytracker.com/id?1015500 http://securitytracker.com/id?1015545 http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373 http://www.idefense.com/intelligence/vulnerabilities/display.php? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.4EPSS: 2%CPEs: 10EXPL: 0

The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service. • http://secunia.com/advisories/16464 http://secunia.com/advisories/16470 http://securitytracker.com/id?1014713 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1 http://www.kb.cert.org/vuls/id/801089 http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm http://www.osvdb.org/18802 http://www.securityfocus.com/bid/14582 https://exchange.xforce.ibmcloud.com/vulnerabilities/21893 •