EMC NetWorker nsrd Format String

Added: 09/27/2012
CVE: CVE-2012-2288
BID: 55330
OSVDB: 85116

Background

EMC NetWorker is a centralized data backup solution.

Problem

In NetWorker versions 7.6.3 through 8.0, the nsrd RPC service is vulnerable to a format string vulnerability.

Resolution

NetWorker 7 users should apply EMC NetWorker 7.6.4.1 and later. NetWorker 8 users should apply EMC NetWorker 8.0.0.1 and later. Customer registration is required to download the updates.

References

http://blog.exodusintel.com/2012/08/29/when-wrapping-it-up-goes-wrong/

Limitations

This exploit has been tested against EMC NetWorker 7.6.4.Build.1039 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).

Platforms

Windows

Back to exploit index