CVSS: 9.3EPSS: 84%CPEs: 5EXPL: 0CVE-2007-3618 – EMC Legato Networker Remote Exec Service Stack Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-3618
Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd." Desbordamiento de búfer basado en pila en el Servicio de Ejecución Remota NetWorker (nsrexecd.exe) en EMC Software NetWorker 7.x.x permite a atacantes remotos ejecutar código de su elección mediante (1) un sondeo o (2) una petición de terminación (kill) con un "subcmd inválido largo". These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaws exist in the Networker Remote Exec Service, nsrexecd.exe. The location of this service is available by querying the SUNRPC portmapper on TCP port 111 for service #0x5f3e1, version 1. • http://osvdb.org/39744 http://secunia.com/advisories/26517 http://securityreason.com/securityalert/3043 http://www.securityfocus.com/archive/1/477172/100/0/threaded http://www.securityfocus.com/bid/25375 http://www.securitytracker.com/id?1018590 http://www.vupen.com/english/advisories/2007/2931 http://www.zerodayinitiative.com/advisories/ZDI-07-049.html https://exchange.xforce.ibmcloud.com/vulnerabilities/36123 •
CVSS: 7.5EPSS: 13%CPEs: 6EXPL: 0CVE-2005-3658
https://notcve.org/view.php?id=CVE-2005-3658
Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe). • ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT http://secunia.com/advisories/18495 http://secunia.com/advisories/18615 http://securitytracker.com/id?1015500 http://securitytracker.com/id?1015545 http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373 http://www.idefense.com/intelligence/vulnerabilities/display.php? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 14%CPEs: 3EXPL: 2CVE-2005-3659
https://notcve.org/view.php?id=CVE-2005-3659
nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference. • ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT http://secunia.com/advisories/18495 http://secunia.com/advisories/18615 http://securitytracker.com/id?1015500 http://securitytracker.com/id?1015545 http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375 http://www.legato.com/support/websupport/product_alerts/011606_NW.htm http://www.securityfocus.com/bid/16275 http://www.vupen.com/ • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2005-0357
https://notcve.org/view.php?id=CVE-2005-0357
EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID. • http://secunia.com/advisories/16464 http://secunia.com/advisories/16470 http://securitytracker.com/id?1014713 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1 http://www.kb.cert.org/vuls/id/606857 http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm http://www.osvdb.org/18800 http://www.securityfocus.com/bid/14582 https://exchange.xforce.ibmcloud.com/vulnerabilities/21887 •
CVSS: 7.5EPSS: 3%CPEs: 10EXPL: 0CVE-2005-0358
https://notcve.org/view.php?id=CVE-2005-0358
EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token. • http://secunia.com/advisories/16464 http://secunia.com/advisories/16470 http://securitytracker.com/id?1014713 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1 http://www.kb.cert.org/vuls/id/407641 http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm http://www.osvdb.org/18801 http://www.securityfocus.com/bid/14582 https://exchange.xforce.ibmcloud.com/vulnerabilities/21892 •