Bakbone NetVault Report Manager scheduler client and server buffer overflow

netvaultreport-scheduler-bo (35588) The risk level is classified as HighHigh Risk

Description:

Bakbone NetVault Reporter Manager is vulnerable to multiple heap-based buffer overflows in the scheduler client (clsscheduler.exe) and the scheduler server (srvscheduler.exe) services. By sending a specially-crafted HTTP POST or GET request containing an overly long filename, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges.

Platforms Affected:

  • BakBone, BakBone NetVault Report Manager 3.4 prior update 4

Remedy:

Upgrade to the latest version of Bakbone NetVault Report Manager (3.5 update 4 or later), available from the Bakbone NetVault Report Manager Web site. See References.

Consequences:

Gain Access

References:

  • Bakbone NetVault Report Manager Web site, BakBone Software - Download Evaluation Software at http://www.bakbone.com/products/downloads/default.asp.
  • ZDI-07-044, BakBone NetVault Reporter Scheduler Heap Overflow Vulnerability at http://www.zerodayinitiative.com/advisories/ZDI-07-044.html.
  • BID-25068: BakBone NetVault Report Manager Multiple Heap Buffer Overflow Vulnerabilities
  • CVE-2007-3911: Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka scheduler client) and (2) srvscheduler.exe (aka scheduler server) in BakBone NetVault Reporter 3.5 before Update4 allow remote attackers to execute arbitrary code via long filename arguments in HTTP requests.
  • SA26222: BakBone NetVault Report Manager Buffer Overflow Vulnerabilities
  • SECTRACK ID: 1018460: BakBone NetVault Report Manager Buffer Overflow
  • VUPEN/ADV-2007-2658: BakBone NetVault Reporter Scheduler Service Command Execution Vulnerability

Reported:

Jul 25, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page