BakBone NetVault remote heap overflow

Added: 03/24/2006
CVE: CVE-2005-1009
BID: 12967
OSVDB: 15234

Background

BakBone NetVault is a distributed data backup and restore solution for UNIX and Windows networks.

Problem

A heap overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted request to port 20031/TCP.

Resolution

Install the latest update.

References

http://www.securityfocus.com/archive/1/394801

Limitations

Exploit works on NetVault 7.3. Since the vulnerability is a heap overflow, the success of this exploit depends upon the system state.

Platforms

Windows 2000 SP3
Windows 2000 / Windows 2000 SP4
Windows 2000 SP4 Server
Windows XP
Windows XP SP1

Back to exploit index