Retrospect Backup Client Multiple Vulnerabilities (ESA-08-009)

medium Nessus Plugin ID 33561

Synopsis

The remote backup client is affected by multiple vulnerabilities.

Description

According to its version number, the Retrospect Backup Client installed on the remote host is affected by several vulnerabilities:

- An error in the client may lead to memory corruption and, in turn, a denial of service condition when processing specially crafted packets. This occurs only when an English client is used on a Chinese operating system, which is not a supported configuration.

- The password hash is sent over the network unencrypted, which could result in its disclosure.

- A NULL pointer dereference error may lead to a denial of service condition.

Solution

Upgrade to the latest version of Retrospect Client software and verify it is at least 6.2.229 (Macintosh) / 7.6.106 (Windows) / 7.6.100 (Red Hat Linux or Solaris).

See Also

http://www.fortiguardcenter.com/advisory/FGA-2008-16.html

https://www.securityfocus.com/archive/1/494560/30/0/threaded

https://www.securityfocus.com/archive/1/494562/30/0/threaded

https://www.securityfocus.com/archive/1/494564/30/0/threaded

http://kb.dantz.com/article.asp?article=9692&p=2

Plugin Details

Severity: Medium

ID: 33561

File Name: retrospect_client_esa_08_009.nasl

Version: 1.14

Type: remote

Family: Misc.

Published: 7/23/2008

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-3287, CVE-2008-3289, CVE-2008-3290

BID: 30306, 30308, 30313

CWE: 20, 200, 399

Secunia: 31186