cnvd - cnvd-2017-32224

cnvd-2017-32224

Vulnerability from cnvd

Title: EMC NetWorker缓冲区溢出漏洞（CNVD-2017-32224）

Description:

EMC NetWorker是美国易安信（EMC）公司的一套统一备份和恢复软件。该软件提供备份与恢复、消除重复数据、备份报告等功能。

EMC NetWorker中的Server服务(nsrd)存在缓冲区溢出漏洞。远程攻击者可利用该漏洞执行任意的代码或造成拒绝服务。

Severity: 高

Patch Name: EMC NetWorker缓冲区溢出漏洞（CNVD-2017-32224）的补丁

Patch Description:

EMC NetWorker是美国易安信（EMC）公司的一套统一备份和恢复软件。该软件提供备份与恢复、消除重复数据、备份报告等功能。

EMC NetWorker中的Server服务(nsrd)存在缓冲区溢出漏洞。远程攻击者可利用该漏洞执行任意的代码或造成拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.emc.com

Reference: http://seclists.org/fulldisclosure/2017/Oct/35

Impacted products

Name
['EMC NetWorker <8.2.4.9', 'EMC NetWorker 9.0.x', 'EMC NetWorker <9.1.1.3', 'EMC NetWorker <9.2.0.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-8022"
    }
  },
  "description": "EMC NetWorker\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4e00\u5957\u7edf\u4e00\u5907\u4efd\u548c\u6062\u590d\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u5907\u4efd\u4e0e\u6062\u590d\u3001\u6d88\u9664\u91cd\u590d\u6570\u636e\u3001\u5907\u4efd\u62a5\u544a\u7b49\u529f\u80fd\u3002\r\n\r\nEMC NetWorker\u4e2d\u7684Server\u670d\u52a1(nsrd)\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Aaron Portnoy",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.emc.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-32224",
  "openTime": "2017-11-01",
  "patchDescription": "EMC NetWorker\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4e00\u5957\u7edf\u4e00\u5907\u4efd\u548c\u6062\u590d\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u5907\u4efd\u4e0e\u6062\u590d\u3001\u6d88\u9664\u91cd\u590d\u6570\u636e\u3001\u5907\u4efd\u62a5\u544a\u7b49\u529f\u80fd\u3002\r\n\r\nEMC NetWorker\u4e2d\u7684Server\u670d\u52a1(nsrd)\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "EMC NetWorker\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2017-32224\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "EMC NetWorker \u003c8.2.4.9",
      "EMC NetWorker 9.0.x",
      "EMC NetWorker \u003c9.1.1.3",
      "EMC NetWorker \u003c9.2.0.4"
    ]
  },
  "referenceLink": "http://seclists.org/fulldisclosure/2017/Oct/35",
  "serverity": "\u9ad8",
  "submitTime": "2017-10-17",
  "title": "EMC NetWorker\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2017-32224\uff09"
}

CVE-2017-8022 (GCVE-0-2017-8022)

Vulnerability from cvelistv5

Published

2017-10-18 15:00

Modified

2024-08-05 16:19

Severity ?

CWE

Buffer Overflow Vulnerability

Summary

An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system's platform.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1039583	vdb-entry, x_refsource_SECTRACK
	http://seclists.org/fulldisclosure/2017/Oct/35	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4	Version: EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:19:29.648Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039583",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039583"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Oct/35"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4"
            }
          ]
        }
      ],
      "datePublic": "2017-10-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system\u0027s platform."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Overflow Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-19T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1039583",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039583"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Oct/35"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-8022",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EMC NetWorker prior to 8.2.4.9, 9.0.x (all supported versions), prior to 9.1.1.3, prior to 9.2.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system\u0027s platform."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer Overflow Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039583",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039583"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2017/Oct/35",
              "refsource": "CONFIRM",
              "url": "http://seclists.org/fulldisclosure/2017/Oct/35"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-8022",
    "datePublished": "2017-10-18T15:00:00",
    "dateReserved": "2017-04-21T00:00:00",
    "dateUpdated": "2024-08-05T16:19:29.648Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted