CVE-2005-3658 Information

Description

Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314 and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe).

Reference

ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT http://secunia.com/advisories/18495 http://secunia.com/advisories/18615 http://securitytracker.com/id?1015500 http://securitytracker.com/id?1015545 http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=374 http://www.legato.com/support/websupport/product_alerts/011606_NW.htm http://www.securityfocus.com/bid/16275 http://www.vupen.com/english/advisories/2006/0233 http://www.vupen.com/english/advisories/2006/0343 https://exchange.xforce.ibmcloud.com/vulnerabilities/24174 https://exchange.xforce.ibmcloud.com/vulnerabilities/24175