EMC NetWorker < 8.0.4.4 / 8.1.x < 8.1.3.6 / 8.2.x < 8.2.2.2 / 9.0.x < 9.0.0.2 RPC Authentication DoS

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application installed that is affected
by a denial of service vulnerability.

Description :

The version of EMC NetWorker installed on the remote Windows host is
prior to 8.0.4.5, 8.1.x prior to 8.1.3.6, 8.2.x prior to 8.2.2.2, or
9.0.x prior to 9.0.0.2. It is, therefore, affected by a denial of
service vulnerability due to improper handling of malformed RPC
authentication requests. An unauthenticated, remote attacker can
exploit this to crash the service.

See also :

http://seclists.org/bugtraq/2015/Dec/att-18/ESA-2015-171.txt

Solution :

Upgrade to EMC NetWorker 8.0.4.5 / 8.1.3.6 / 8.2.2.2 / 9.0.0.2 or
later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 87309 ()

Bugtraq ID: 78519

CVE ID: CVE-2015-6849

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now