librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial of service or obtain sensitive information from interprocess communication, via crafted UDP packets containing service commands.
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Link | Tags |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2011-01/att-0162/ESA-2011-003.txt | |
http://securitytracker.com/id?1025010 | vdb entry |
http://www.securityfocus.com/bid/46044 | vdb entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/64997 | vdb entry |
http://archives.neohapsis.com/archives/bugtraq/2011-01/0162.html | mailing list |
http://www.osvdb.org/70686 | vdb entry |
http://secunia.com/advisories/43113 | third party advisory, vendor advisory |
http://www.vupen.com/english/advisories/2011/0241 | vdb entry, vendor advisory |