In association with heise online

27 July 2007, 12:17

Patch for BakBone NetVault Reporter to fix vulnerability

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

TippingPoint has reported a vulnerability in BakBone NetVault Reporter 3.5 that allows attackers to take control of a system. The NetVault Reporter tool is designed to monitor storage systems in LANs. A heap overflow vulnerability exists in both the scheduler client and the scheduler server that can be triggered with GET and POST requests to TCP ports 7977 or 7978. An attacker only has to supply excess length file names in the respective requests. According to the advisory, this allows attackers to inject code and execute it with system privileges.

The vendor has provided NetVault Report Manager v3.5 Update4 to fix this hole.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit