CVE-2007-3618high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd."
References
http://secunia.com/advisories/26517
http://securityreason.com/securityalert/3043
http://www.securityfocus.com/archive/1/477172/100/0/threaded
http://www.securityfocus.com/bid/25375
http://www.securitytracker.com/id?1018590
http://www.vupen.com/english/advisories/2007/2931
Details
Source: MITRE
Published: 2007-08-21
Updated: 2018-10-15
Type: NVD-CWE-Other
Risk Information
CVSS v2
Base Score: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 8.6
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:emc:legato_networker:7.0:*:*:*:*:*:*:*
cpe:2.3:a:emc:legato_networker:7.1.3:*:*:*:*:*:*:*
cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 94163 | EMC Legato Networker Remote Exec Service Stack Overflow RCE | Nessus | Gain a shell remotely | critical |
| 4182 | EMC Legato Networker 'nsrexecd.exe' Overflow | Nessus Network Monitor | Generic | medium |