class101 has reported some vulnerabilities in BakBone NetVault, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerabilities are caused due to some boundary errors in the communication handling. This can be exploited to cause a heap-based buffer overflow by sending some specially crafted traffic to port 20031.
Successful exploitation allows execution of arbitrary code.
NOTE: Exploit code is publicly available. A similar vulnerability with the same impact has been reported by BuzzDee.
The vulnerabilities have been reported in versions 6.x and 7.x. Other versions may also be affected.
Solution: The vulnerabilities have been fixed in versions 7.1.2, 7.1.3, 7.3.1 and 7.4.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com