Retrospect Backup Client Multiple Vulnerabilities (ESA-08-009)

This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.

Synopsis :

The remote backup client is affected by multiple vulnerabilities.

Description :

According to its version number, the Retrospect Backup Client
installed on the remote host is affected by several vulnerabilities :

- An error in the client may lead to memory corruption
and in turn a denial of service condition when
processing specially crafted packets, although only
when an English client is used on a Chinese operating
system, which is not a supported configuration.

- The password hash is sent over the network unencrypted,
which could result in its disclosure.

- A NULL pointer dereference error may lead to a denial
of service condition.

See also :

Solution :

Upgrade to the latest version of Retrospect Client software and verify
it is at least 6.2.229 (Macintosh) / 7.6.106 (Windows) / 7.6.100 (Red
Hat Linux or Solaris).

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 33561 ()

Bugtraq ID: 30306

CVE ID: CVE-2008-3287