Check Point Advisories

EMC Legato NetWorker Remote Execution Service Buffer Overflow (CVE-2007-3618)

Check Point Reference: CPAI-2007-313
Date Published: 18 Nov 2009
Severity: Critical
Last Updated: Wednesday 18 November, 2009
Source:
Industry Reference: CVE-2007-3618
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description

EMC Legato NetWorker is an enterprise-level backup and recovery suite. It provides backup functionality for Windows, Linux, Unix, NetWare, and VMS environments. NetWorker is designed on a server-agent principle: communication between nodes is handled by a series of services that allow remote access to resources as well as remote management of the product's components.

A buffer overflow vulnerability exists in EMC Legato NetWorker. The flaw is due to improper boundary protection when processing RPC requests. A remote unauthenticated attacker can leverage this vulnerability by sending a crafted RPC message to the target host, potentially injecting and executing arbitrary code with System-level privileges.

In a simple attack case, the affected service process terminates abnormally when the malicious message is processed. In a sophisticated attack scenario, where the malicious user succeeds in injecting and executing supplied code, the behavior of the system depends on the nature of the injected code. Any code injected into the vulnerable component executes in the security context of the service process, which is normally SYSTEM on Windows platforms.
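The advisory does not say which field of the RPC request is mishandled. As an added illustration (not EMC's or Check Point's code), the sketch below shows the boundary checks a parser needs before copying a length-prefixed field out of an ONC RPC call, using the credential body as the example field; the function names, the program number and the sample message are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RPC_MAX_AUTH 400u /* opaque_auth body limit in RFC 5531 */
enum { RPC_OK = 0, RPC_TRUNCATED = -1, RPC_BAD_HEADER = -2, RPC_OVERSIZE = -3 };

/* XDR words are 32-bit big-endian. */
static uint32_t get32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Validate one RPC CALL message (TCP record mark already stripped) and copy
 * the credential body into cred, which must hold RPC_MAX_AUTH bytes. */
int rpc_check_call(const uint8_t *msg, size_t len, uint8_t *cred, uint32_t *cred_len) {
    /* Fixed part: xid, msg_type, rpcvers, prog, vers, proc, cred flavor, cred length. */
    if (len < 32) return RPC_TRUNCATED;
    if (get32(msg + 4) != 0 || get32(msg + 8) != 2) return RPC_BAD_HEADER; /* CALL, RPC v2 */
    uint32_t n = get32(msg + 28);
    /* Check 1: the declared length must fit the destination buffer. */
    if (n > RPC_MAX_AUTH) return RPC_OVERSIZE;
    /* Check 2: the declared length, padded to 4 bytes, must fit the bytes received. */
    if (((n + 3u) & ~3u) > len - 32) return RPC_TRUNCATED;
    memcpy(cred, msg + 32, n);
    *cred_len = n;
    return RPC_OK;
}

/* Constructed sample: a CALL header declaring `declared` credential bytes,
 * followed by `present` zero bytes. 0x20000001 is a placeholder program
 * number from the user-defined range, not NetWorker's. */
int check_sample(uint32_t declared, uint32_t present) {
    uint8_t msg[32 + 1024] = {0}, cred[RPC_MAX_AUTH];
    const uint32_t hdr[8] = {0x1234, 0, 2, 0x20000001, 1, 1, 1 /* AUTH_SYS */, declared};
    uint32_t n = 0;
    if (present > 1024) return RPC_BAD_HEADER; /* keep the sample inside msg[] */
    for (int i = 0; i < 8; i++) put32(msg + 4 * i, hdr[i]);
    return rpc_check_call(msg, 32 + present, cred, &n);
}
```

Omitting either check is what turns a crafted length into an out-of-bounds write or read: the first protects the destination buffer, the second protects the source.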

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

To activate the protection, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click the Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections, find the EMC Legato NetWorker Remote Execution Service Buffer Overflow protection using the Search tool, and edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  SUN-RPC Enforcement Protection.
Attack Information:  EMC Legato NetWorker remote execution service buffer overflow
