CVE-2011-0321

Name of the Vulnerable Software and Affected Versions EMC NetWorker versions prior to 7.5 SP4 EMC NetWorker versions 7.5.3.x prior to 7.5.3.5 EMC NetWorker versions 7.6.x prior to 7.6.1.2

Description The issue allows remote attackers to cause a denial of service or obtain sensitive information from interprocess communication by sending crafted UDP packets containing service commands. This is due to the failure of librpc.dll in nsrexecd to properly mitigate the possibility of a spoofed localhost source IP address, enabling attackers to register or unregister RPC services.

Recommendations For versions prior to 7.5 SP4, update to version 7.5 SP4 or later. For versions 7.5.3.x prior to 7.5.3.5, update to version 7.5.3.5 or later. For versions 7.6.x prior to 7.6.1.2, update to version 7.6.1.2 or later.