CVE-2009-3448 - OpenCVE

npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote attackers to cause a denial of service (daemon crash) via a packet to (1) TCP or (2) UDP port 20031 with a large value in an unspecified size field, which is not properly handled in a malloc operation. NOTE: some of these details are obtained from third party information.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Bakbone	Netvault

Configuration 1 [-]

cpe:2.3:a:bakbone:netvault:8.22:*:*:*:*:*:*:*

References

Link	Resource
http://osvdb.org/58329
http://secunia.com/advisories/36847	Vendor Advisory
http://www.insight-tech.org/index.php?p=bakbone-netvault-backup-8-22-build-29-remote-dos	Exploit URL Repurposed
http://www.securityfocus.com/bid/36489
http://www.securitytracker.com/id?1022941
https://exchange.xforce.ibmcloud.com/vulnerabilities/53434

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-09-29T15:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2009-09-29T00:00:00

Link: CVE-2009-3448

JSON object: View

NVD Information

Status : Modified

Published: 2009-09-29T15:30:00.483

Modified: 2024-02-14T01:17:43.863

Link: CVE-2009-3448

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-09-23T00:00:00", "descriptions": [{"lang": "en", "value": "npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote attackers to cause a denial of service (daemon crash) via a packet to (1) TCP or (2) UDP port 20031 with a large value in an unspecified size field, which is not properly handled in a malloc operation. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1022941", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022941"}, {"name": "58329", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/58329"}, {"name": "36489", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36489"}, {"tags": ["x_refsource_MISC"], "url": "http://www.insight-tech.org/index.php?p=bakbone-netvault-backup-8-22-build-29-remote-dos"}, {"name": "netvault-npvmgr-dos(53434)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53434"}, {"name": "36847", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36847"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3448", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote attackers to cause a denial of service (daemon crash) via a packet to (1) TCP or (2) UDP port 20031 with a large value in an unspecified size field, which is not properly handled in a malloc operation. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1022941", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022941"}, {"name": "58329", "refsource": "OSVDB", "url": "http://osvdb.org/58329"}, {"name": "36489", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36489"}, {"name": "http://www.insight-tech.org/index.php?p=bakbone-netvault-backup-8-22-build-29-remote-dos", "refsource": "MISC", "url": "http://www.insight-tech.org/index.php?p=bakbone-netvault-backup-8-22-build-29-remote-dos"}, {"name": "netvault-npvmgr-dos(53434)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53434"}, {"name": "36847", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36847"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3448", "datePublished": "2009-09-29T15:00:00", "dateReserved": "2009-09-29T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bakbone:netvault:8.22:*:*:*:*:*:*:*", "matchCriteriaId": "33CE5E34-EB90-4283-89EB-48882843846A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote attackers to cause a denial of service (daemon crash) via a packet to (1) TCP or (2) UDP port 20031 with a large value in an unspecified size field, which is not properly handled in a malloc operation. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "npvmgr.exe en BakBone NetVault Backup v8.22 Build 29 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de paquetes (1) TCP o (2) UDP puerto 20031 con un valor largo en un campo de tama\u00f1o sin especipicar, que no es manejado adecuadamente en una operaci\u00f3n alloc. NOTA: algunos de estos detalles han sido obtenidos a partir de informaci\u00f3n de terceros."}], "id": "CVE-2009-3448", "lastModified": "2024-02-14T01:17:43.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-09-29T15:30:00.483", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/58329"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36847"}, {"source": "cve@mitre.org", "tags": ["Exploit", "URL Repurposed"], "url": "http://www.insight-tech.org/index.php?p=bakbone-netvault-backup-8-22-build-29-remote-dos"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36489"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022941"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53434"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}