Synopsis :

The remote backup client is affected by multiple vulnerabilities.

Description :

According to its version number, the Retrospect Backup Client
installed on the remote host is affected by several vulnerabilities :

- An error in the client may lead to memory corruption
and in turn a denial of service condition when
processing specially crafted packets, although only
when an English client is used on a Chinese operating
system, which is not a supported configuration.

- The password hash is sent over the network unencrypted,
which could result in its disclosure.

- A null pointer dereference error may lead to a denial
of service condition.

See also :

http://www.fortiguardcenter.com/advisory/FGA-2008-16.html
http://www.securityfocus.com/archive/1/494560/30/0/threaded
http://www.securityfocus.com/archive/1/494562/30/0/threaded
http://www.securityfocus.com/archive/1/494564/30/0/threaded
http://kb.dantz.com/article.asp?article=9692&p=2

Solution :

Upgrade to the latest version of Retrospect Client software and verify
it is at least 6.2.229 (Macintosh) / 7.6.106 (Windows) / 7.6.100 (Red
Hat Linux or Solaris).

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true