Signature Detail
Short Name |
APP:MISC:QUEST-NETVAULT-DOS |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Quest NetVault SmartDisk libnvbasics.dll Denial Of Service |
Release Date |
2011/06/16 |
Update Number |
1940 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: Quest NetVault SmartDisk libnvbasics.dll Denial Of Service
A denial of service vulnerability has been reported in Quest's (formerly BakBone) NetVault SmartDisk backup application. Specifically, an input validation error exists in libnvbasics.dll, which is used by the percolatorslave.exe service listening on TCP port 37452. A remote unauthenticated attacker can exploit this vulnerability to cause a denial of service condition.
Extended Description
NetVault: SmartDisk is prone to a remote denial-of-service vulnerability. A successful exploit will cause the application to crash, effectively denying service. NOTE: Remote code execution may be possible; however, this has not been confirmed. NetVault: SmartDisk versions 1.2.2 and prior are affected.
Affected Products
- BakBone NetVault: SmartDisk 1.2.1
- BakBone NetVault: SmartDisk 1.2.2
References
- BugTraq: 48029