Vigil@nce: EMC NetWorker, denial of service
October 2008 by Vigil@nce
An attacker can connect to the RPC interface of EMC NetWorker products in order to create a memory leak.
Consequences: denial of service of computer, denial of service of service
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: unique source (2/5)
Diffusion of the vulnerable configuration: high (3/3) Creation date: 22/10/2008
Following products are reachable via a RPC interface handled with
the nsrexecd.exe service:
NetWorker Storage Node
An attacker can connect to this interface and call a procedure with a long parameter. This procedure thus allocates a lot of memory, which is never freed.
The attacker can therefore connect several times in order to force the usage of all system resources.
Identifiers: BID-31866, FGA-2008-23, VIGILANCE-VUL-8195