HTTP: Quest NetVault Backup Multipart Request Part Header Stack Buffer Overflow
This signature detects attempts to exploit a known vulnerability in Quest NetVault Backup Server. Successful exploitation of the vulnerability could allow arbitrary code execution under the security context of SYSTEM.
Extended Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary header of a multipart request, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4215.
Affected Products
Quest netvault_backup
References
CVE: CVE-2018-1161
Short Name
HTTP:QUEST-NETVAULT-BACKUP-BO
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Backup Buffer CVE-2018-1161 Header Multipart NetVault Overflow Part Quest Request Stack
Release Date
01/22/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Quest
CVSS Score
10.0