Retrospect Backup Client <= 7.5.116 Multiple Vulnerabilities (ESA-08-009)

Medium Nessus Network Monitor Plugin ID 4606

Synopsis

The remote backup client is affected by multiple vulnerabilities.

Description

According to its version number, the Retrospect Backup Client installed on the remote host is affected by several vulnerabilities:

- An error in the client may lead to memory corruption, and in turn a denial of service condition, when processing specially crafted packets. This occurs only when an English client is used on a Chinese operating system, which is not a supported configuration.
- The password hash is sent over the network unencrypted, which could result in its disclosure.
- A null pointer dereference error may lead to a denial of service condition.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www.fortiguardcenter.com/advisory/FGA-2008-16.html

http://www.securityfocus.com/archive/1/494560/30/0/threaded

http://www.securityfocus.com/archive/1/494562/30/0/threaded

http://www.securityfocus.com/archive/1/494564/30/0/threaded

http://kb.dantz.com/article.asp?article=9692&p=2

Plugin Details

Severity: Medium

ID: 4606

Family: Generic

Published: 2008/07/23

Modified: 2016/01/21

Dependencies: 4599

Nessus ID: 33561

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2008-3287, CVE-2008-3288, CVE-2008-3289, CVE-2008-3290

BID: 30306, 30308, 30313, 30319