vulnerability announce CVE-2012-2288
EMC NetWorker: format string in nsrd
Synthesis of the vulnerability
A network attacker can send a malicious message to EMC NetWorker, in order to generate a format string attack, leading to code execution.Impacted products: NetWorker
BID-55330, CERTA-2012-AVI-481, CVE-2012-2288, EIP-2012-0001, ESA-2012-038, VIGILANCE-VUL-11912.
Description of the vulnerability
The RPC nsrd service of EMC NetWorker processes save and restore operations.
However, the RPC procedure 0x06 of service 0x5F3DD version 0x02 directly transmits the received parameter to the lg_sprintf() function. An attacker can thus send a format parameter to this procedure, in order to corrupt the memory with "%n".
A network attacker can therefore send a malicious message to EMC NetWorker, in order to generate a format string attack, leading to code execution.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides an applications vulnerabilities note
. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.