Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1009Improper Restriction of Operations within the Bounds of a Memory Buffer in Netvault

8 documents5 sources
Severity
10.0CRITICALNVD
EPSS
83.5%
top 0.72%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Bakbone Netvault
Timeline
PublishedMay 2
Latest updateMay 1

Description

Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) remote attackers to execute arbitrary code via a modified computer name and length that leads to a heap-based buffer overflow, or (2) local users to execute arbitrary code via a long Name entry in the configure.cfg file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDbakbone/netvault7.0, 7.1+1

🔴Vulnerability Details

2
GHSA
GHSA-52cx-pw5v-jj85: Multiple buffer overflows in BakBone NetVault 62022-05-01
CVEList
CVE-2005-1009: Multiple buffer overflows in BakBone NetVault 62005-04-08

💥Exploits & PoCs

4
Exploit-DB
BakBone NetVault - Remote Heap Overflow (Metasploit)2010-09-20
Exploit-DB
BakBone NetVault 6.x/7.x - Remote Heap Buffer Overflow (1)2005-05-17
Exploit-DB
BakBone NetVault 6.x/7.x - Remote Heap Buffer Overflow (2)2005-04-01
Exploit-DB
BakBone NetVault 6.x/7.x - Local Stack Buffer Overflow2005-04-01

💬Community

1
Bugzilla
CAN-2004-1009 Multiple mc issues (CAN-2004-1090 CAN-2004-1091 CAN-2004-1093 CAN-2004-1174 CAN-2004-1175 CAN-2005-0763)2005-05-24
CVE-2005-1009 — Bakbone Netvault vulnerability | cvebase