PT-2009-5742 · Bakbone · Bakbone Netvault Backup

Published

2009-09-29

Updated

2024-02-14

CVE-2009-3448

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

BakBone NetVault Backup version 8.22 Build 29

Description

The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This can be achieved by sending a packet to either TCP or UDP port 20031 with a large value in an unspecified size field. The problem arises because this value is not properly handled in a malloc operation.

Recommendations

For BakBone NetVault Backup version 8.22 Build 29, consider restricting access to TCP and UDP port 20031 as a temporary workaround to minimize the risk of exploitation. Avoid using large values in unspecified size fields in packets to these ports until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
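
The bug class in the description, a size field read from the network and passed to malloc without validation, is prevented by the bounds checks in the C example below. The example is added here and is not BakBone's code. The 4-byte big-endian size prefix, the 64 KiB cap and all names are assumptions, since the page does not document the NetVault packet format.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN  4u               /* hypothetical: 4-byte big-endian size field */
#define MAX_BODY (64u * 1024u)    /* hypothetical per-message ceiling */

enum parse_status { PARSE_OK = 0, PARSE_SHORT, PARSE_TOO_BIG,
                    PARSE_TRUNCATED, PARSE_NOMEM };

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Unsafe pattern, kept as a comment only: the declared size goes straight
 * to the allocator and the result is used unchecked. A typical failure for
 * this bug class is malloc returning NULL and the next write crashing:
 *     uint8_t *body = malloc(read_be32(pkt));
 *     memcpy(body, pkt + HDR_LEN, ...);
 */

/* Hardened parse: on PARSE_OK, *out owns a copy of the body (caller frees). */
enum parse_status parse_message(const uint8_t *pkt, size_t pkt_len,
                                uint8_t **out, size_t *out_len) {
    *out = NULL;
    *out_len = 0;
    if (pkt_len < HDR_LEN)
        return PARSE_SHORT;             /* no complete size field */
    uint32_t declared = read_be32(pkt);
    if (declared > MAX_BODY)
        return PARSE_TOO_BIG;           /* reject before allocating */
    if (declared > pkt_len - HDR_LEN)
        return PARSE_TRUNCATED;         /* claims more than was received */
    uint8_t *body = malloc(declared ? declared : 1);
    if (body == NULL)
        return PARSE_NOMEM;             /* drop the message, keep running */
    memcpy(body, pkt + HDR_LEN, declared);
    *out = body;
    *out_len = declared;
    return PARSE_OK;
}
```
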

Exploit

RCE

Weakness Enumeration

Related Identifiers

CVE-2009-3448

Affected Products

Bakbone Netvault Backup