Check Point Reference: | CPAI-2007-313 |
Date Published: | 18 Nov 2009 |
Severity: | Critical |
Last Updated: | Wednesday 18 November, 2009 |
Source: | |
Industry Reference: | CVE-2007-3618 |
Protection Provided by: | Security Gateway |
Who is Vulnerable? | |
Vulnerability Description | EMC Legato NetWorker is an enterprise-level backup and recovery suite. It provides backup functionality for Windows, Linux, Unix, NetWare, and VMS environments. EMC Legato NetWorker is designed on a server-agent principle. Communication between nodes is handled by a series of services that allow remote access to resources as well as remote management of the product's components. A buffer overflow vulnerability exists in EMC Legato NetWorker. The flaw is due to improper boundary protection when processing RPC requests. A remote unauthenticated attacker can leverage this vulnerability by sending a crafted RPC message to the target host, potentially injecting and executing arbitrary code with System-level privileges. In a simple attack case, the affected service process terminates abnormally when the malicious message is processed. In a more sophisticated attack, where the attacker succeeds in injecting and executing supplied code, the behavior of the system depends on the nature of the injected code. Any code injected into the vulnerable component executes in the security context of the service process, which is normally SYSTEM on Windows platforms. |
This protection will detect and block attempts to exploit this vulnerability.
To activate the protection, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on the Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: SUN-RPC Enforcement Protection.
Attack Information: EMC Legato NetWorker remote execution service buffer overflow
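
The description attributes the flaw to improper boundary protection when processing RPC requests. The following C code is an added example, not Check Point's or EMC's code and not a description of how the IPS protection works: it shows the kind of length enforcement a receiver of Sun (ONC) RPC calls can apply before touching request data. The advisory does not identify the affected field, so the example assumes only the generic RFC 5531 call-header layout; the function names and result codes are hypothetical.

```c
/* Added example, not Check Point or EMC code. The advisory does not say which
 * request field overflows; this only shows generic RFC 5531 length checks. */
#include <stddef.h>
#include <stdint.h>
#define RPC_MAX_AUTH 400u /* RFC 5531: opaque_auth body is at most 400 bytes */
enum rpc_check { RPC_OK, RPC_TRUNCATED, RPC_NOT_CALL, RPC_BAD_VERSION,
                 RPC_AUTH_TOO_LONG };

/* Read one big-endian 32-bit XDR word without reading past the buffer. */
static int xdr_u32(const uint8_t *buf, size_t len, size_t *off, uint32_t *out)
{
    if (*off > len || len - *off < 4) return -1;
    const uint8_t *p = buf + *off;
    *out = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
           (uint32_t)p[2] << 8 | (uint32_t)p[3];
    *off += 4;
    return 0;
}

/* Skip one opaque_auth (flavor, length, padded body). The declared length is
 * checked against the protocol maximum and against the bytes really present. */
static enum rpc_check skip_auth(const uint8_t *buf, size_t len, size_t *off)
{
    uint32_t flavor, n;
    if (xdr_u32(buf, len, off, &flavor) || xdr_u32(buf, len, off, &n))
        return RPC_TRUNCATED;
    if (n > RPC_MAX_AUTH) return RPC_AUTH_TOO_LONG;
    size_t padded = ((size_t)n + 3u) & ~(size_t)3u; /* XDR pads to 4 bytes */
    if (len - *off < padded) return RPC_TRUNCATED;
    *off += padded;
    return RPC_OK;
}

/* Check one RPC message (TCP record mark already stripped). On RPC_OK,
 * *args_off is the offset where the procedure arguments begin. */
enum rpc_check rpc_check_call(const uint8_t *buf, size_t len, size_t *args_off)
{
    uint32_t w[6]; /* xid, msg_type, rpcvers, prog, vers, proc */
    size_t off = 0;
    enum rpc_check rc;
    for (int i = 0; i < 6; i++)
        if (xdr_u32(buf, len, &off, &w[i]))
            return RPC_TRUNCATED;
    if (w[1] != 0) return RPC_NOT_CALL;    /* msg_type: CALL is 0 */
    if (w[2] != 2) return RPC_BAD_VERSION; /* RPC protocol version is 2 */
    if ((rc = skip_auth(buf, len, &off)) != RPC_OK) return rc; /* cred */
    if ((rc = skip_auth(buf, len, &off)) != RPC_OK) return rc; /* verf */
    *args_off = off;
    return RPC_OK;
}
```

A message that fails any of these checks is rejected before its arguments are parsed; the procedure arguments that follow `*args_off` need their own per-field length checks of the same form.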