Vulnerability CVE-2008-6219


Published: 2009-02-20   Modified: 2012-02-12

Description:
nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.

See advisories in our WLB2 database:
Risk  Topic                                          Author               Date
High  EMC NetWorker Denial of Service Vulnerability  noreply-secresea...  23.10.2008
High  EMC NetWorker Denial of Service Vulnerability  Fortinet's...        21.02.2009

Type: CWE-399 (Resource Management Errors)

Vendor: EMC
Product: Networker client
Version: 7.4.2; 7.4.1; 7.4; 7.3.2; 7.3
Product: Networker storage node
Version: 7.4.2; 7.4.1; 7.4; 7.3.2; 7.3
Product: Networker server
Version: 7.4.2; 7.4.1; 7.4; 7.3
Product: Networker module
Version: 5.1; 2.0
Product: Networker powersnap
Version: 2.4

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

 References:
http://www.fortiguardcenter.com/advisory/FGA-2008-23.html
http://www.securityfocus.com/archive/1/497645/100/0/threaded
http://www.securityfocus.com/archive/1/497666/100/0/threaded
http://www.securityfocus.com/bid/31866
http://www.securitytracker.com/id?1021095
http://www.vupen.com/english/advisories/2008/2894
https://exchange.xforce.ibmcloud.com/vulnerabilities/46035

Related CVE
CVE-2018-15769
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients dur...
CVE-2018-11080
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user t...
CVE-2018-11079
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration...
CVE-2018-15764
Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitr...
CVE-2018-11058
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote att...
CVE-2018-11070
RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover ...
CVE-2018-11069
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.
CVE-2018-11068
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.

Copyright 2019, cxsecurity.com

 
