Vigil@nce - EMC NetWorker: denial of service of nsrexecd via hash
March 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send malformed RPC data to nsrexecd, in order to
stop it.
Severity: 2/4
Creation date: 15/03/2012
IMPACTED PRODUCTS
– EMC NetWorker
DESCRIPTION OF THE VULNERABILITY
The EMC NetWorker server connects to the nsrexecd daemons which are
installed on clients. This daemon processes RPC queries, and opens
a dynamic port, which is above 8000 in most cases.
A hash is computed on the data received on this dynamic port.
However, if this data is malformed, the hash computation is done at
an invalid memory address, so nsrexecd stops.
An attacker can therefore send malformed RPC data to nsrexecd, in
order to stop it.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/EMC-NetWorker-denial-of-service-of-nsrexecd-via-hash-11447